Hi Everyone,
Stack Overflow gets a fair number of these questions on queue with the
latest OpenSSL vulnerabilities:
http://stackoverflow.com/questions/36350787/android-vitamio-5-0-0-and-vulnerable-version-of-openssl.
(For similar questions, see
http://stackoverflow.com/questions/linked/24197777?lq=1).
Early in the email it states:
Please migrate your app(s) to OpenSSL 1.02f/1.01r or
higher as soon as possible and increment the version
number of the upgraded APK...
It appears a non-trivial segment of the developers don't quite
understand what's going on.
Please consider changing the message to include actionable items of 1)
update your IDE and 2) update your SDKs. Maybe something like:
Please migrate your app(s) to OpenSSL 1.02f/1.01r or
higher as soon as possible and increment the version
number of the upgraded APK. This may mean you
have to update your IDE and SDKs if you are not
including OpenSSL directly.
Thanks in advance,
Jeff
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-security-discuss+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
