[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some FreeBSD ./configure problems
From: |
Mark . Burgess |
Subject: |
Re: some FreeBSD ./configure problems |
Date: |
Thu, 1 Aug 2002 15:16:02 +0200 (MET DST) |
I don't think that any of the vulnerabilities apply to cfengine,
since only low level functions are used. None of the SSL/TLS
code is used.
M
On 1 Aug, David J. Bianco wrote:
> On Thu, 2002-08-01 at 07:49, address@hidden wrote:
>>
>> > (1) cfengine depends on OpenSSL-0.9.6b but FreeBSD-STABLE only has 0.9.6a.
>> > I've looked at the OpenSSL ChangeLog and there don't appear to be any
>> > pressing reasons to require the later version, so could this be relaxed for
>> > convenience sake?
>>
>> I think this might be ok, after all.
>
> Just a reminder, all versions prior to 0.9.6e (including the 0.7 beta)
> have some serious security vulnerabilities which were announce this
> week. I don't know if cfengine is using any of the pieces that have
> problems, but I think it's safe to say you should probably link anything
> you compile now to 0.9.6e or later.
>
> David
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: address@hidden
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~