On 13 Jun 2015, at 05:13, Zoran Kolic <zkolic at sbb.rs>
wrote:>
> Do I read this advisory correctly: it does not affect 9.3?
It *does* affect 9.3:
> Category: contrib
> Module: openssl
> Announced: 2015-06-12
> Affects: All supported versions of FreeBSD.
> Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)
> 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)
> 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)
> 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)
> 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)
> 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)
> CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791
> CVE-2015-1792, CVE-2015-4000
You need 9.3-RELEASE-p16 to fix it.
-Dimitry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:
<http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150613/37451e42/attachment.sig>