206608 – security/openssl: Update to 1.0.2f (Fixes security vulnerability)

Bug 206608 - security/openssl: Update to 1.0.2f (Fixes security vulnerability)

Summary: security/openssl: Update to 1.0.2f (Fixes security vulnerability)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Dirk Meyer

URL:	https://mta.openssl.org/pipermail/ope...
Keywords:	security

Depends on:
Blocks:	206607
	Show dependency tree / graph

Reported:	2016-01-25 13:52 UTC by Kubilay Kocak
Modified:	2016-01-29 09:33 UTC (History)
CC List:	2 users (show)

See Also:	206610

Flags:	koobs: maintainer-feedback+ koobs: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kubilay Kocak freebsd_committer

2016-01-25 13:52:16 UTC

Security releases due 28th Jan 2016

See meta parent bug: 206607 to liaise with secteams

Comment 1 Dirk Meyer freebsd_committer

2016-01-28 19:43:16 UTC

LibreSSL seems to be affected.

http://intothesymmetry.blogspot.de/2016/01/openssl-key-recovery-attack-on-dh-small.html

Comment 2 Dirk Meyer freebsd_committer

2016-01-28 19:44:43 UTC

A fix was commited and merged to 2016Q1

Comment 3 Kubilay Kocak freebsd_committer

2016-01-29 09:33:40 UTC

Merged to quarterly as comment 2