>I believe that many versions of NetBSD are vulnerable to
the attacks
>described in http:
//www.openssl.org/news/secadv_20060905.txt -- at least,
>I'm running -current from ~3 weeks ago, and it has
0.9.8b. -current from
>6 Sept seems to have the fix; I suspect that it will
need to be pulled up
>into all current versions.
These were pulled up according to the tickets on the releng
site, e.g.
http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=10690
http://releng.netbsd.org/cgi-bin/req-3.cgi?show=1504
h
ttp://releng.netbsd.org/cgi-bin/req-4.cgi?show=136
the actual advisory notices just haven't come out yet.
Looks like there
have been a bunch of security pullups of late (one is
pending), so the
advisories will probably appear in a batch.
DHG
|