Adam Thompson <[email protected]> writes: > I'm not sure about the test site, but from the looks of things I think if you > upgrade your openssl library you'll be fine.
Ok, here's the message I sent to Karl yesterday: <quote> Well, the freakattack.com site now has a test that doesn't rely on JavaScript. Try fetching the page https://cve.freakattack.com/ If it loads without errors, then your client is vulnerable, and the response is a plain text message saying "vulnerable". On my main machine, there is an error when I try to connect. It looks like this: SSL connect error in libcurl: error:1408D0F4:SSL routines:ssl3_get_key_exchange:unexpected message However, the statically-linked edbrowse binaries are vulnerable. It's been a few months since I've rebuilt them, so I need to refresh all the packages on the virtual build machines and rebuild them. For now, I've just pulled them from the site. </quote> I rebuilt and re-uploaded new static binaries after sending that, so anyone who is using them needs to get the new ones ASAP. As for the rest of us, all we need to do is make sure our libraries are all up to date and free of issues. -- Chris _______________________________________________ Edbrowse-dev mailing list [email protected] http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
