this particular advisory doesn't affect us, but in any case we are already up-to-date. :)
** Visibility changed to: Public -- You received this bug notification because you are a member of Dcplusplus-team, which is a direct subscriber. https://bugs.launchpad.net/bugs/676246 Title: OpenSSL Update / Bzip2 Update (Critical) Status in DC++: Fix Committed Bug description: A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. The OpenSSL security team would like to thank Rob Hulswit for reporting this issue. The fix was developed by Dr Stephen Henson of the OpenSSL core team. This vulnerability is tracked as CVE-2010-3864 http://openssl.org/news/secadv_20101116.txt Bzip2: Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so all users are recommended to upgrade immediately. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : [email protected] Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
