tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Prefer pkgsrc OpenSSL after 2016Q1.
On Wed, Mar 09, 2016 at 05:05:50PM -0600, J. Lewis Muir wrote:
>
> Are there security advisories you know of that were not sent to the
> security-announce mailing list?
>
Here is a list of OpenSSL only vulnerabilities:
https://www.openssl.org/news/vulnerabilities.html
You will see that since September 2015, there have 3 vulnerabilities
listed as 'high priority'.
CVE-2016-0701, CVE-2016-0800, CVE-2016-0703
(I hope the link helps highlight why this library is very problematic)
Home |
Main Index |
Thread Index |
Old Index