pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

audit messages for openssl-1.0.2a?



Hi,

after upgrading (from pkgsrc-current) to openssl-1.0.2a, I still get
two audit messages:

    Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
    Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288

From what I understand in the openssl advisory at
http://www.openssl.org/news/secadv_20150319.txt, these vulnerabilites
should be fixed in 1.0.2a. Aren't they?

Regards
Matthias


Home | Main Index | Thread Index | Old Index