On 4/7/2014 5:02 PM, Xin Li wrote:

The implications of this vulnerability are pretty massive,
certificates will need to be replaced and so on. I don't want to
repeat the page, so go read that.

We are already working on this but building, reviewing, etc. would
take some time.

Attached is the minimal fix (extracted from upstream git repository)
we are intending to use in the advisory for those who want to apply a
fix now, please DO NOT use any new certificates before applying fixes.

Hi,
I am trying to understand the implications of this bug in the context of a vulnerable client connecting to a server that does not have this extension, e.g. a client app linked against 1.xx that's vulnerable talking to a server that is running something from RELENG_8 in the base (0.9.8.x). Is the server still at risk? Will the client still bleed information?

        ---Mike


--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [email protected]
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
