http://heartbleed.com/
Mike Tancsa
mike at sentex.net
Tue Apr 8 13:45:45 UTC 2014
On 4/7/2014 5:02 PM, Xin Li wrote:
>>
>> The implications of this vulnerability are pretty massive,
>> certificates will need to be replaced and so on. I don't want to
>> repeat the page, so go read that.
>
> We are already working on this but building, reviewing, etc. would
> take some time.
>
> Attached is the minimal fix (extracted from upstream git repository)
> we are intending to use in the advisory for those who want to apply a
> fix now, please DO NOT use any new certificates before applying fixes.
Hi,
I am trying to understand the implications of this bug in the context
of a vulnerable client, connecting to a server that does not have this
extension. e.g. a client app linked against 1.xx thats vulnerable
talking to a server that is running something from RELENG_8 in the base
(0.9.8.x). Is the server still at risk ? Will the client still bleed
information ?
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-security
mailing list