Date: Wed, 09 Apr 2014 23:45:44 +0200
From: Eric Lacombe <goretux@...il.com>
To: oss-security@...ts.openwall.com
Cc: Hanno Böck <hanno@...eck.de>, Yves-Alexis Perez <corsac@...ian.org>
Subject: Re: Heartbleed, clients and Android

Hi,

On Wednesday 9 April 2014 12:21:29, Hanno Böck wrote:
[...]
> > > Because the latter
> > > would include Android. We are all pretty aware that Android updates
> > > are in large parts nonexistent.
> > 
> > I don't have much clue about Android, but I think I heard heartbeat
> > was disabled in Android, but I don't have a link right now. Also, I'm
> > unsure what actually uses libssl in Android and what uses NSS.
> 
> Seems Android disabled Heartbeat in 2012:
> https://android.googlesource.com/platform/external/openssl.git/+/android-4.1.2_r1
> 
> Still leaves some Android versions as potentially vulnerable.

A recent post from the Google security blog:

http://googleonlinesecurity.blogspot.fr/2014/04/google-services-updated-to-address.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleOnlineSecurityBlog+(Google+Online+Security+Blog)

Regards,

	Eric
