*** This bug is a security vulnerability *** Private security bug reported:
A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. The OpenSSL security team would like to thank Rob Hulswit for reporting this issue. The fix was developed by Dr Stephen Henson of the OpenSSL core team. This vulnerability is tracked as CVE-2010-3864 http://openssl.org/news/secadv_20101116.txt Bzip2: Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended to upgrade immediately. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 ** Affects: dcplusplus Importance: Critical Assignee: Dcplusplus-team (dcplusplus-team) Status: Confirmed -- OpenSSL Update / Bzip2 Update (Critical) https://bugs.launchpad.net/bugs/676246 You received this bug notification because you are a member of Dcplusplus-team, which is a direct subscriber. Status in DC++: Confirmed Bug description: A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. The OpenSSL security team would like to thank Rob Hulswit for reporting this issue. The fix was developed by Dr Stephen Henson of the OpenSSL core team. This vulnerability is tracked as CVE-2010-3864 http://openssl.org/news/secadv_20101116.txt Bzip2: Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended to upgrade immediately. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : [email protected] Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
