On Wed, Jun 11, 2014, Scott Neugroschl wrote:
Hi guys,
I know 0.9.7 is no longer under development, but for various reasons, I have
an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
I think you mean CVE-2014-0224. Yes it is vulnerable as an
On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
I know 0.9.7 is no longer under development, but for various
reasons, I have an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
There are I expect many unresolved issues (even if not
From Victor:
On Wed, Jun 11, 2014 at 04:09:47PM +, Scott Neugroschl wrote:
I know 0.9.7 is no longer under development, but for various reasons,
I have an app that is still using 0.9.7g.
Is 0.9.7g subject to the vulnerability from CVD-0214-0224?
There are I expect many unresolved issues
On Wed, Jun 11, 2014 at 07:07:09PM +, Scott Neugroschl wrote:
We are aware of this, and are looking to upgrade. Does anyone
have a recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding
edge)? If you have a recommendation, may I ask what led you to
choose that path?
I would
Can anyone explain the vulnerability?
A handful of links
Here's the timeline, a public document:
https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs
And this blog entry from the guy who found the bug. BTW, it's 16 years old.
I am also quite curious.
Also, how long has this exploit been around, and could hackers have
exploited this already?
2014-06-05 22:46 GMT+02:00 Jeffrey Walton noloa...@gmail.com:
CVE-2014-0224 looks like an interesting issue
(https://www.openssl.org/news/secadv_20140605.txt):
An
On Thu, Jun 5, 2014 at 4:49 PM, Salz, Rich rs...@akamai.com wrote:
Can anyone explain the vulnerability?
A handful of links
Here's the timeline, a public document:
https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs
And this blog entry from the guy who found the bug. BTW, it's
I've also added these into the wiki at
http://wiki.openssl.org/index.php/SECADV_20140605 - so that others
looking back through the issues can find a handy reference to the
additional information from various locations - the link at
http://wiki.openssl.org/index.php/Security_Advisories basically