Date: Mon, 7 Apr 2014 14:00:53 -0700
From: Alex Gaynor <alex.gaynor@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: OpenSSL 1.0.1 TLS/DTLS heartbeat information
 disclosure CVE-2014-0160

To my knowledge, the OpenSSL team does not maintain a pre-notification list
of any sort (I maintain a library which critically depends on OpenSSL and
we investigated getting on to such a list).

Alex


On Mon, Apr 7, 2014 at 1:56 PM, Reed Loden <reed@...dloden.com> wrote:

> I just asked around on IRC, and one of the Ubuntu guys said they didn't
> get any prior notification of this, so fixed packages won't be out
> until tomorrow at the earliest (for Ubuntu).
>
> Was this not coordinated with the distros at all? If not, that seems
> like major fail on the reporters and NCSC-FI's part. :/
>
> 2c,
> ~reed
>
> On Mon, 7 Apr 2014 21:43:46 +0200
> Tomas Hoger <thoger@...hat.com> wrote:
>
> > Hi!
> >
> > There's a new OpenSSL release 1.0.1g that fixes an information leak issue:
> >
> > http://www.openssl.org/news/secadv_20140407.txt
> > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
> > http://heartbleed.com/
> >
> > --
> > Tomas Hoger / Red Hat Security Response Team
>



-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
