Subject: Re: OpenSSL bug in other OSs
To: None <netbsd-users@NetBSD.org>
From: Adrian Portelli <email@example.com>
Date: 10/15/2007 15:48:07
Douglas A. Tutty wrote:
> I notice that on Oct 02, there was a security patch for OpenSSL on
> Debian regarding off-by-one error / buffer overflow.
> On Oct 03, it showed up on FreeBSD's page.
> On Oct 10, it showed up on OpenBSD's page.
> I don't see it on NetBSD's page at all. Did NetBSD dodge this one, has
> it not been noticed, or just not fixed yet?
It's been fixed in -current and netbsd-4, we were working on an advisory
for it when another OpenSSL bug was found and we are currently working
on resolving that. Once both have been resolved we will release an