Re: Prefer pkgsrc OpenSSL after 2016Q1.

[Martin Husemann <martin%duskware.de@localhost>]

On Thu, Mar 10, 2016 at 01:27:24AM +0100, Kamil Rytarowski wrote:
> We are coming to the conclusion.

Well, the netbsd-7 openssh has been patched on Feb 22:

crypto/external/bsd/openssh/dist/readconf.c     patch
crypto/external/bsd/openssh/dist/ssh.c          patch

        Fix CVE CVE-2016-0777 by disabling roaming completely.
        [christos, ticket #1075]

and openssl earlier this week:

        Import openssl-1.0.1s, fixing various CVEs:
        CVE-2015-0293 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194
        CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0702
        CVE-2016-0703 CVE-2016-0704 CVE-2016-0705 CVE-2016-0797
        CVE-2016-0798 CVE-2016-0799 CVE-2016-0800
        This includes "DROWN". Backward binary compatibility has been
        preserved, but no SSLv2 code is available.
        [spz, ticket #1127]

And of course there will be SAs for both.

Martin