On 06/06/2014 10:04 PM, Solar Designer wrote: > OpenBSD having declined to use the tool shouldn't be interpreted e.g. by > OpenSSL as a reason not to notify LibreSSL directly.
It seems worth noting that OpenBSD 5.5, the current release that many people are running, incorporates OpenSSL, not LibreSSL. There can't be really any question of OpenBSD users not being affected because they are using a forked version that might not be vulnerable; that fork is still in development. -- Matthew Weigel hacker unique & idempot . ent
