I receive daily email from the host which normally shows port audits and vu= lnerabilities. However, I did not sport anything related to CVE-2014-0160 i= n this email. I expected the same info comes in this email about the base s= ystem as well. How do you normally inform about recent vulnerability in the base system? (= I believe newspaper and TV is not the best way...) Cheers B. ---------------------------------------- > Subject: Re: CVE-2014-0160? > From: kpaasial@icloud.com > Date: Fri, 11 Apr 2014 16:12:36 +0300 > To: sbremal@hotmail.com > CC: freebsd-security@freebsd.org > > > On 11.4.2014, at 15.53, sbremal@hotmail.com wrote: > >> ext 65281 (renegotiation info, length=3D1) >> ext 00011 (EC point formats, length=3D4) >> ext 00035 (session ticket, length=3D0) >> ext 00015 (heartbeat, length=3D1) <-- Your server supports heartbeat. Bu= g is possible when linking against OpenSSL 1.0.1f or older. Let me check. >> Actively checking if CVE-2014-0160 works: Your server appears to be patc= hed against this bug. >> >> K=F6sz! ;-) >> >> Is there any reason why nightly security patches are not enabled by defa= ult in FreeBSD? >> >> >> Cheers >> B. >> > > Why do you make such claim? The security patches are very much =93enabled= =94 (by using your words) in FreeBSD by default. This assuming that you are= in fact aware of the update methods that are available and how they work. = And for the update methods and how they work there=92s a tremendous amount = of information out there, even translated to your native language in some c= ases if the language barrier is a problem for you. > > -Kimmo = _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"