Hello, Per the heartbleed vulnerability, I'm looking at a vulneranle pfsense firewall appliance: # /usr/bin/openssl version OpenSSL 0.9.8y 5 Feb 2013 # /usr/local/bin/openssl version OpenSSL 1.0.1e 11 Feb 2013 # ldd /usr/local/sbin/openvpn | grep libssl libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8007e9000) Per Brian Drewery, the port has been fixed, but this appliance does not have ports installed. I see an openssl package here: ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz At this moment, the timestamp is January. Can one reasonably expect that there is a process building updated packages for this branch? Can anyone advise how long before a new openssl package is published here? Or should I spin up an 8.3 box to build a package? Has anyone else here patched a pfsense appliance yet? Last I saw their fix ETA is Thursday. Thanks, -danny -- http://dannyman.toldme.com _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"