Re: CVE-2014-0224

2014-06-11 Thread Viktor Dukhovni
On Wed, Jun 11, 2014 at 07:07:09PM +, Scott Neugroschl wrote:
> We are aware of this, and are looking to upgrade. Does anyone
> have a recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding
> edge)? If you have a recommendation, may I ask what led you to
> choose that path?

I would reco

RE: CVE-2014-0224

2014-06-11 Thread Scott Neugroschl
From Victor:
>On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
>> I know 0.9.7 is no longer under development, but for various reasons,
>> I have an app that is still using 0.9.7g.
>> Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
>There are I expect many unresolve

Re: CVE-2014-0224

2014-06-11 Thread Viktor Dukhovni
On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
> I know 0.9.7 is no longer under development, but for various
> reasons, I have an app that is still using 0.9.7g.
> Is 0.9.7g subject to the vulnerability from CVD-0214-0224?

There are I expect many unresolved issues (even if not

Re: CVE-2014-0224

2014-06-11 Thread Dr. Stephen Henson
On Wed, Jun 11, 2014, Scott Neugroschl wrote:
> Hi guys,
>
> I know 0.9.7 is no longer under development, but for various reasons, I have
> an app that is still using 0.9.7g.
> Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
>

I think you mean CVE-2014-0224. Yes it is vulnerable as

Re: CVE-2014-0224

2014-06-05 Thread Tim Hudson
I've also added these into the wiki at http://wiki.openssl.org/index.php/SECADV_20140605 - so that others looking back through the issues can find a handy reference to the additional information from various locations - the link at http://wiki.openssl.org/index.php/Security_Advisories basically not

Re: CVE-2014-0224

2014-06-05 Thread Jeffrey Walton
On Thu, Jun 5, 2014 at 4:49 PM, Salz, Rich wrote:
>> Can anyone explain the vulnerability?
>
> A handful of links
>
> Here's the timeline, a public document:
> https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs
>
> And this blog entry from the guy who found the bug. BTW, it's 16 year

Re: CVE-2014-0224

2014-06-05 Thread Jeroen de Neef
I am also quite curious. Also, how long has this exploit been around, and could hackers have exploited this already?

2014-06-05 22:46 GMT+02:00 Jeffrey Walton :
> CVE-2014-0224 looks like an interesting issue
> (https://www.openssl.org/news/secadv_20140605.txt):
>
> An attacker using a caref

RE: CVE-2014-0224

2014-06-05 Thread Salz, Rich
> Can anyone explain the vulnerability?

A handful of links

Here's the timeline, a public document:
https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs

And this blog entry from the guy who found the bug. BTW, it's 16 years old.
http://ccsinjection.lepidum.co.jp/blog/2014-06-