----- Original Message ----- From: "Karl Denninger" <[email protected]> On 4/9/2014 9:21 AM, Zoran Kolic wrote: >> Advisory claims 10.0 only to be affected. Patches to >> branch 9 are not of importance on the same level? >> >> > 9 (and before) were only impacted if you loaded the newer OpenSSL from > ports. A fair number of people did, however, as a means of preventing > BEAST attack vectors. > > If you did, then you need to update that and have all your private keys > re-issued. If you did not then you never had the buggy code in the > first place. Actually they are vulnerable without any ports install just not to CVE-2014-0160 only CVE-2014-0076, both of which where fixed by SA-14:06.openssl Regards Steve _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"