freebsd security - Aug 2014 - OpenSSL SA

Hello. According to https://www.openssl.org/news/secadv_20140806.txt
there's been a known SA in OpenSSL for 24 days. Since then
security/openssl has been updated and there have been updates to head
and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@
has somehow forgotten about it, or the vulnerable features are off in base?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140830/f5b31858/attachment.sig>

On Sat, Aug 30, 2014 at 11:47 AM, Piotr Kubaj <pkubaj at riseup.net>
wrote:
> Hello. According to https://www.openssl.org/news/secadv_20140806.txt
> there's been a known SA in OpenSSL for 24 days. Since then
> security/openssl has been updated and there have been updates to head
> and stable{8,9,10} but there hasn't been any FreeBSD SA. Is it that so@
> has somehow forgotten about it, or the vulnerable features are off in base?
It looks like OpenSSL 1.0.1i (which fixes all the issues in the SA
from upstream) was merged into stable on August 7th. The announcement
from FreeBSD was probably accidentally not published.

Brandon Vincent