Em 05-06-2014 15:57, Theo de Raadt escreveu: >> Em 05-06-2014 15:42, dera...@cvs.openbsd.org escreveu: >>> We are sorry that the errata for these libssl security issues are not >>> up yet. >>> >>> The majority of these issues are in our ssl library as well. >>> >>> Most other operating system vendors have patches available, but that >>> is because they were (obviously) given a heads up to prepare them over >>> the last few days. >>> >>> OpenBSD / LibreSSL did not receive any heads-up from OpenSSL. >>> >>> >>> >>> So hold on, we'll try to have errata out in a few hours. >>> >> Theo, >> >> I'm just curious, but, this happened in the past? > Sure, it has happened in the past. But probably not to this > degree. > > Some sort of timeline has been published. Read between the lines. > > http://seclists.org/oss-sec/2014/q2/466 Hmmm, the first thing I did on that page was ctrl + f OpenBSD: not found. It's very interesting that this happened, to this degree as you mentioned, just after you guys forked OpenSSL. I've disable most of the daemons that use ssl in my systems, until this errata comes along. Don't hush it, specially since you guys didn't got notified of this.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
