Subject: Re: OpenSSL bug in other OSs
To: None <>
From: Adrian Portelli <>
List: netbsd-users
Date: 10/15/2007 15:48:07
Douglas A. Tutty wrote:
> I notice that on Oct 02, there was a security patch for OpenSSL on
> Debian regarding off-by-one error / buffer overflow.
> On Oct 03, it showed up on FreeBSD's page.
> On Oct 10, it showed up on OpenBSD's page.
> I don't see it on NetBSD's page at all.  Did NetBSD dodge this one, has
> it not been noticed, or just not fixed yet?
> Doug.

It's been fixed in -current and netbsd-4, we were working on an advisory
for it when another OpenSSL bug was found and we are currently working
on resolving that.  Once both have been resolved we will release an