netbsd-users: Re: OpenSSL bug in other OSs

Subject: Re: OpenSSL bug in other OSs
To: None <netbsd-users@NetBSD.org>
From: Adrian Portelli <adrianp@stindustries.net>
List: netbsd-users
Date: 10/15/2007 15:48:07

Douglas A. Tutty wrote:
> I notice that on Oct 02, there was a security patch for OpenSSL on
> Debian regarding off-by-one error / buffer overflow.
> 
> On Oct 03, it showed up on FreeBSD's page.
> 
> On Oct 10, it showed up on OpenBSD's page.
> 
> I don't see it on NetBSD's page at all.  Did NetBSD dodge this one, has
> it not been noticed, or just not fixed yet?
> 
> Doug.
> 

It's been fixed in -current and netbsd-4, we were working on an advisory
for it when another OpenSSL bug was found and we are currently working
on resolving that.  Once both have been resolved we will release an
advisory.

adrian.