On 04/09/2014 03:26 PM, leif wrote: > kcrisman wrote: >> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/ >> >> Apparently this is a real vulnerability in OpenSSL. > > We should certainly update the optional OpenSSL spkg (last updated on > trac to 1.0.1c, Volker upgraded it to 1.0.1e upon the switch to git). >
I'm pretty sure you meant 'g' not 'c', but just to be sure, that's the safe version. The big issue with this bug is not patching OpenSSL. Any private keys (to e.g. SSL certificates) or passwords any of us have used on the web in the past two years are potentially compromised and should be changed. It's an incredible amount of work. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at http://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
