El día Wednesday, April 09, 2014 a las 01:05:22AM -0700, monloi perez 

> True. Thanks for the quick reply.
> On Wednesday, April 9, 2014 3:33 PM, Alan Buxey <a.l.m.bu...@lboro.ac.uk> 
> wrote:
> https://www.openssl.org/news/changelog.html
> 1.0.1 introduced the heartbeat support.
> 1.0.0 and earlier are fortunate in that they didnt have it.....but then they 
> didnt have things to stop you from being BEASTed so some you win, some you 
> lose. ;)
> alan


As you can read in the above change log, heartbeat support was
introduced in version 1.0.1 of openssl. Does this mean that also the bug
was introduced with this version in March 2012, or was it later?

What is the exact bug, can someone show a svn/git diff of the first
source version having the bug?

Is it possible that the bug was introduced with intention (to make
use of it later)?

Here in Germany in the news we have rumor, that the bug was used by NSA,
of course the American Goverment says no.



Matthias Apitz               |  /"\   ASCII Ribbon Campaign:
E-mail: g...@unixarea.de     |  \ /   - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X    - No proprietary attachments
phone: +49-170-4527211       |  / \   - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to