audit messages for openssl-1.0.2a?

To: pkgsrc-users%netbsd.org@localhost
Subject: audit messages for openssl-1.0.2a?
From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>
Date: Fri, 20 Mar 2015 16:55:27 +0100

Hi,

after upgrading (from pkgsrc-current) to openssl-1.0.2a, I still get
two audit messages:

    Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
    Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288

From what I understand in the openssl advisory at
http://www.openssl.org/news/secadv_20150319.txt, these vulnerabilites
should be fixed in 1.0.2a. Aren't they?

Regards
Matthias

Follow-Ups:
- Re: audit messages for openssl-1.0.2a?
  - From: Ryo ONODERA

Prev by Date: (OSTRZEZENIE )Twoja skrzynka pocztowa zostala tymczasowo zawieszona !!!
Next by Date: Re: audit messages for openssl-1.0.2a?
Previous by Thread: (OSTRZEZENIE )Twoja skrzynka pocztowa zostala tymczasowo zawieszona !!!
Next by Thread: Re: audit messages for openssl-1.0.2a?
Indexes:

Home | Main Index | Thread Index | Old Index