科技回声

LibreSSL seemed to be pulling ahead with two of the OpenSSL vulnerabilities not applicable.<p>It irks me that OpenSSL would keep a vulnerability from the LibreSSL team since August. I hope people using OpenSSL will begin to switch over now. LibreSSL has shown that it is no going away, and that it approaches security in a far better way.

I just updated and recompiled everything a few days ago. Bad timing. Kinda sucks that manual patching is a pain a lot of the time, but oh well, dependencies will do that I guess.

Seems like the OpenBSD guys are a little bitter. And rightfully so. OpenSSL has a lot of improvement work to do - both with their code base and their collaboration efforts.

> We did not merge this because it gave miod@ a bad feeling.<p>Not even sure what the right reaction to that is. On one hand, good for you for skipping an insecure patch but on the other hand, only a bad feeling? You didn't realize it's a security hole?

Looks like they have a typo in the CVE numbers.<p>CVE-2015-13XX should be CVE-2015-31XX.

I just updated and recompiled everything a few days ago. Bad timing. Kinda sucks that manual patching is a pain a lot of the time, but oh well, dependencies will do that I guess.

Seems like the OpenBSD guys are a little bitter. And rightfully so. OpenSSL has a lot of improvement work to do - both with their code base and their collaboration efforts.

Looks like they have a typo in the CVE numbers.<p>CVE-2015-13XX should be CVE-2015-31XX.

OpenBSD errata

5 条评论

OpenBSD errata

5 条评论