Date: Wed, 09 Apr 2014 12:02:09 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 On 04/09/2014 01:07 AM, Yves-Alexis Perez wrote: > Mon, 07 Apr 2014 06:10 : Huzaifa Sidhpurwala sends a mail to distros > list with no details but an offer to request > them privately After i sent a mail to distros, i was contacted by security engineers from most major distributions. I answered most of the them as soon as i could with complete details including the upstream patch. Some of them mailed during my night time. I saw these emails the next day, and it was pointless to answer them at that time, since the issue was already public. -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ