From delphij@hotmail.com Thu Dec 12 06:05:36 2002 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14ED637B401 for ; Thu, 12 Dec 2002 06:05:36 -0800 (PST) Received: from hotmail.com (f82.law10.hotmail.com [64.4.15.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9BF243EC2 for ; Thu, 12 Dec 2002 06:05:35 -0800 (PST) (envelope-from delphij@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 12 Dec 2002 06:00:51 -0800 Received: from 218.246.96.6 by lw10fd.law10.hotmail.msn.com with HTTP; Thu, 12 Dec 2002 14:00:51 GMT Message-Id: Date: Thu, 12 Dec 2002 22:00:51 +0800 From: Xin LI To: FreeBSD-gnats-submit@freebsd.org Cc: delphij@frontfree.net Subject: pending/46207: OpenSSL in base system should be updated to 0.96h >Number: 46207 >Category: bin >Synopsis: OpenSSL in base system should be updated to 0.96h >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Dec 12 06:10:01 PST 2002 >Closed-Date: Sat Jul 12 18:27:13 PDT 2003 >Last-Modified: Sat Jul 12 18:27:13 PDT 2003 >Originator: Xin LI >Release: FreeBSD 5.0-RC i386 >Organization: Frontfree Technology Network >Environment: System: FreeBSD testsrv.inet0.frontfree.net 5.0-RC FreeBSD 5.0-RC #2: Tue Dec 10 19:28:26 CST 2002 delphij@testsrv.inet0.frontfree.net:/usr/obj/usr/src/sys/TESTSRV i386 >Description: OpenSSL is the fundamental security library in the base system. Recently it released 0.96h, which contain many bug fixes. For security reasons, the OpenSSL in base system should be updated to supply more security environment. >How-To-Repeat: OpenSSL contained in the base system is now 0.96g, which can be indicated by doing this: openssl version OpenSSL 0.9.6g 9 Aug 2002 The desired version is 0.9.6h. >Fix: The OpenSSL code should be directly imported from openssl.org's source tree. I'm not sure what patch should be applied to the code, thus I think it might be better for the maintainer of the security code to do the patch... >Release-Note: >Audit-Trail: Class-Changed-From-To: update->change-request Class-Changed-By: keramida Class-Changed-When: Sat Dec 14 04:03:24 PST 2002 Class-Changed-Why: Misfiled PR. Responsible-Changed-From-To: gnats-admin->freebsd-bugs Responsible-Changed-By: keramida Responsible-Changed-When: Sat Dec 14 04:03:24 PST 2002 Responsible-Changed-Why: Assign this to freebsd-bugs where people have a chance to see it. http://www.freebsd.org/cgi/query-pr.cgi?pr=46207 State-Changed-From-To: open->closed State-Changed-By: kris State-Changed-When: Sat Jul 12 18:27:03 PDT 2003 State-Changed-Why: OpenSSL was updated some time ago http://www.freebsd.org/cgi/query-pr.cgi?pr=46207 >Unformatted: