Re: [Monotone-devel] possible SSL compromise

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] possible SSL compromise

From:	Hendrik Boom
Subject:	Re: [Monotone-devel] possible SSL compromise
Date:	Wed, 9 Apr 2014 08:02:45 -0400
User-agent:	Mutt/1.5.21 (2010-09-15)

On Wed, Apr 09, 2014 at 08:42:18AM +0200, Zbigniew Zagórski wrote:
> Hello,
> 
> On Tue, Apr 8, 2014 at 9:25 PM, Hendrik Boom <address@hidden> wrote:
> >
> > I've just heard about a potential vulnerability in OpenSSL.  See
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743883 for the Debian
> > version of this problem.
> >
> > In particular, the message states
> >
> > all
> > keys used with vulnerable processes will need to be replaced both in
> > Debian infrastructure and by all users of this package.
> >
> > I'm wondering whether monotone use is affected by this problem.
> 
> Monotone doesn't use TLS and thus openssl implemtentation of TLS and the
> bug in question specific to TLS _extension implementation_ in openssl.
> This is "plain old" buffer overrun, or in this case buffer "overrun" ... [1]

Good.  One less thing to worry  about resecuring.

-- hendrik

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] possible SSL compromise, Hendrik Boom, 2014/04/08
- Re: [Monotone-devel] possible SSL compromise, Zbigniew Zagórski, 2014/04/09
  - Re: [Monotone-devel] possible SSL compromise, Hendrik Boom <=

Prev by Date: Re: [Monotone-devel] possible SSL compromise
Next by Date: [Monotone-devel] preparing for release 1.1
Previous by thread: Re: [Monotone-devel] possible SSL compromise
Next by thread: [Monotone-devel] preparing for release 1.1
Index(es):
- Date
- Thread