Re: [Fed-Talk] Vulnerability Management (Repost)
Re: [Fed-Talk] Vulnerability Management (Repost)
- Subject: Re: [Fed-Talk] Vulnerability Management (Repost)
- From: Gregory John Orris <email@hidden>
- Date: Mon, 7 Jun 2010 11:30:52 -0400
Not to drag this up again, but I recently was forced to spend a week responding to a Retina scan. May I just state that the concept of proving a negative is a bit foreign to any logical person, but I digress.
With respect to the OpenSSL CVE-2010-0740 error, it appears that Appel is well aware of this and has at least included the patch from the OpenSSL web site in the Open Source version of 10.6.3. However, the issue there is that they have unwittingly left the OpenSSL version on the Open Source version of 10.6.3 at OpenSSL 0.9.6l. This is different from the version installed with Snow Leopard as it is, 0.9.8l, and would undoubtably cause a host of other red flags from Retina.
Just thought I'd through this out there, as it would seem to imply that Apple is at least aware of this bug and has probably fixed it but not released it.
Gregory J. Orris, Ph.D. Acoustics Division Naval Research Laboratory 4555 Overlook Avenue SW Washington, DC 20375 Tel: +1 202.767.1741 FAX: +1 202.404.7732 e-mail:email@hidden
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden