-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 06/11/15 16:34, Michelle Sullivan wrote:> Roger Marquis wrote:
>> The ports-secteam knows about this but posting here in case
>> someone wants to update ahead of the port, from this morning's
>> Hackernews:
>>
>> <https://www.openssl.org/news/secadv_20150611.txt>
>>
>
> *wonders how this will affect 8.x & 9.x* (seems to be no fix for
> 0.9.8 which 8.4 and 9.3 has 0.9.8zd in base - i expect 8.4 to get
> ignored as it EoLs on Jun 30, 2015, but 9.3 EoLs on Dec 31, 2016)
Well, by "supported" we mean supported at least up until the EoL date
and they will never be dropped before that date.
Actually we are working on the update right now (first round of tests
done, patches going to build and writing advisories, etc.) so it would
be out sometime today or tomorrow.
Additionally we are considering issuing another EN for all supported
releases at a later time to do a full upgrade after the current batch
of -STABLE OpenSSL upgrades gets enough exposure.
Cheers,
- --
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.4 (FreeBSD)
iQIcBAEBCgAGBQJVeixMAAoJEJW2GBstM+nslxIP/jh1wWjo6KSqhjwdkoKIfqix
FHR+xT+FduFjMvku84TaOIBI+EgyBetnOIT9Lovg8BhUvFqGQh+bN5KleRiUjpPf
vees9pvZ/r0GmpJfDbKX3kbTc+QfumO7W2yu8xaPeL4UJIo7OnzUmmcfjbWHvfLk
W7MaLUA3NR1I1H6YBNCydaPOafDqk1SjUuZTN4jrgSWPAeRA8TWKnx0Cd62VN3u/
0a0pMDFJmEMZodKcfsleZA2TrtSX4SC8xqQVxB8Rg5+YKahb1dOJC3+im1DqN9tM
4xuDvDLzEw/ilWIVIa0EyIxwW+8eIhKFgSr7a6hj+anBxkFYzsMClRdzJc7snQtQ
QfscsxXbH4rx2zW1IvT+UrLUUlpdRjp77BR1nSTZ7voKRSQf46bTWduaZfK2SIe9
SUxMazajJtzV6ovgRGQWOhBhAD3hU95Yt4lWAW0HOcf40Wzp/ZKslpA5pP7a00KS
101eQ5AaAax44GcN5sY/dzvbmw9NLtBK4r9w2e6GsDUYiOXEPRLr3G4NExU2J85m
Ke2ktTPKjc2mhq9P4T2hjgqHrJB36SBr7Nu7FXAVHDTG7wQVO+a5CUpq6toA7c4f
AKhg+3pb8A8V35i4rEbMEo+Grdj0nMiGXafYEBRGYo+YKKmboxY9PYnary2wOpz5
J5Gm6w/kfxKUHfFjx7FJ
=oJDs
-----END PGP SIGNATURE-----