similar to: FreeBSD Security Advisory FreeBSD-SA-07:08.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

I did not see any commits to the OpenSSL code, recently; is anybody going to commit the fix? See http://www.securityfocus.com/archive/1/480855/30/0 for details ... Regards, STefan

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:07.bind Security Advisory The FreeBSD Project Topic: Predictable query ids in named(8) Category: contrib Module: bind Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:07.bind Security Advisory The FreeBSD Project Topic: Predictable query ids in named(8) Category: contrib Module: bind Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:06.tcpdump Security Advisory The FreeBSD Project Topic: Buffer overflow in tcpdump(1) Category: contrib Module: tcpdump Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:06.tcpdump Security Advisory The FreeBSD Project Topic: Buffer overflow in tcpdump(1) Category: contrib Module: tcpdump Announced:

> John Freeman wrote: > >> Same problem on AMD64 build. I'm too lazy to attach full text, this >> system doesn't use bind and jail. > > What branch are you tracking? > > Doug > 6.2 STABLE (RELENG_6 latest cvs) amd64 -

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:03.ipv6 Security Advisory The FreeBSD Project Topic: IPv6 Routing Header 0 is dangerous Category: core Module: ipv6 Announced:

Here's another project for us. We'll want to upgrade to 6.3-RELEASE in May. On Wed, Apr 2, 2008 at 7:00 AM, <freebsd-security-request@freebsd.org> wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:25.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in firewire(4) Category: core Module: sys_dev Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

Hi, According to the webpage [1], 6.1 has been branched on April 5. However, I noticed that there is a tag called RELENG_6_1, not a branch called RELENG_6_1. For example, sys/conf/newvers.sh [2], rev 1.69.2.11, is on RELENG_6 branch with tag RELENG_6_1_BP and RELENG_6_1. It is a bit strange for me. At least, we have RELENG_X_Y branch before and RELENG_X_Y_BP tag. Is there any special reason that

Connecting to dovecot with ssl3 causes imap-login to die: $ openssl s_client -connect localhost:993 -ssl3 CONNECTED(00000003) 4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1461:SSL alert number 40 4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:645: --- no peer certificate available --- No client certificate

Hello Dovecot users! There seems to be a new dependency in some modules (eg, lib-storage, libdovecot-lda, libdovecot-ssl) on OpenSSL. In Dovecot 2.0, those modules didn't require OpenSSL, but 2.1 does. For the linking process the path to the OpenSSL library isn't specified properly (SSL_LIBS). Dovecot fails to build if OpenSSL is in a non-standard path. (Haven't checked if SSL_CFLAGS

Hello, I tried to compile Dovecot 2.2.5 on Debian 6 with an alternate OpenSSL installation located at /usr/local/ssl A compilation with CPPFLAGS="-I/usr/local/ssl/include" \ LDFLAGS="-L/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib" \ SSL_LIBS="-L/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib" \ ./configure \ --prefix=/opt/dovecot-2.2.5 \ --enable-asserts \

I'm curious about the estimated EoL date on 6.2-RELEASE. Current estimate is listed as Jan 31 2008. That's just about 5 months away now. Suggestions for those who are about to be EoL'ed? Thanks.