On 8 April 2014 14:45, Nathan Dorfman <na@rtfm.net> wrote: > Are you sure about that? The only email I saw stated that FreeBSD 8.x > and 9.x weren't vulnerable because they were using an older OpenSSL, > from before the vulnerability was introduced. That is correct. > FreeBSD 10-STABLE, on the other hand, seems to use the vulnerable > OpenSSL 1.0.1e, and I didn't immediately see OPENSSL_NO_HEARTBEATS in > the Makefile there. So I may well be missing something, but it looks > vulnerable at first glance. Also correct. I see that the fixes were committed a few minutes ago: FreeBSD current: r2642675 http://svnweb.freebsd.org/base?view=revision&revision=264265 FreeBSD stable/10: r2642676 http://svnweb.freebsd.org/base?view=revision&revision=264266 FreeBSD 10.0: r264267 http://svnweb.freebsd.org/base?view=revision&revision=264267 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"