It is what I understood too :P Frédéric THOMAS
> Date: Fri, 13 Jun 2014 14:01:42 +0100 > From: [email protected] > To: [email protected] > Subject: Re: R: R: Alert from Google app store - vulnerable OpenSSL version > > On 13/06/14 13:49, Frédéric THOMAS wrote: > > - We are aware of openSSL 1.0.1h version and the updated AIR SDK will be > > available soon. > > - For mobile applications the AIR SDK 14.0.0.110 is enough and you don't > > need to update the openSSL on pc. > > - The openSSL is bundled in the application so the captive application is > > also good to go. > > Except, AIR 14 includes "OpenSSL 1.0.1g 7 Apr 2014" and the OpenSSL > advisory says "OpenSSL 1.0.1 SSL/TLS users (client and/or server) should > upgrade to 1.0.1h", which means just using AIR v14 isn't enough, you > would think, and Adobe will need to push out a AIR 14.1 patch release. > > Tom >
