pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: audit messages for openssl-1.0.2a?
On Sat, Mar 21, 2015 at 03:05:38AM +0900, Ryo ONODERA wrote:
> Hi,
>
> From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>, Date: Fri, 20 Mar 2015 16:55:27 +0100
>
> > Hi,
> >
> > after upgrading (from pkgsrc-current) to openssl-1.0.2a, I still get
> > two audit messages:
> >
> > Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
> > Package openssl-1.0.2a has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
> >
> > From what I understand in the openssl advisory at
> > http://www.openssl.org/news/secadv_20150319.txt, these vulnerabilites
> > should be fixed in 1.0.2a. Aren't they?
>
> I have uploaded latest pkg-vulnerabilities.
> Please download it again.
Thank you, looks good now.
Regards
Matthias
Home |
Main Index |
Thread Index |
Old Index