On Tue, 25 Oct 2016, Daniel Stenberg wrote:
I'm forwarding this just to make sure you all are aware - this is not what I normally do with bugs. The mbedTLS crypto backend is obviously brand new so this flaw shouldn't hurt anyone's use of libssh2 in production but should perhaps make you pause if you had plans to.
Hm, okay I trigged really fast due to the possible importance but the bug was closed again... Sorry for being alarmist. But let's keep our eyes open and I think it is reasonable to be careful with a brand new backend like this.
-- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
