Contributed by pitrh on from the Bugfix Ha! Bugfix Ho! dept.
Earlier today the OpenSSL project released multiple upgrade versions with fixes for several recently reported bugs in their code base.
The most noteworthy thing is not that the OpenSSL project fixes bugs, but rather that information about the bugs had been privately communicated to a list of vendors that did not include OpenBSD. A seclist discussion reveals the full timeline, while the OpenBSD community's reaction can be gauged by this thread on misc@.
(Comments are closed)