[Ach] openssl again
Seth
list at sysfu.com
Mon Jan 12 02:09:18 CET 2015
On Sun, 11 Jan 2015 10:58:55 -0800, Kurt Roeckx <kurt at roeckx.be> wrote:
> I see several options:
> - You look from statements from libressl about it
> (Couldn't find any good source, the only statements I could find
> seems bogus.)
> - You look at the patch and see if it applies.
>
> So I've actually been looking at it. I see one source that claims
> they fixed one of the issues. (Actually reading what he says
> seems to say that fixed all those issues in a single commit.) But
> if you actually look at the patch he points to it fixes a missing
> SSLerr() call and doesn't fix anything else.
>
> In fact, for all those issues that I looked at, as far as I can see,
> libressl is vulnerable and still didn't fix them.
I just found this tweet by Bob Beck claiming that they were pretty much
all fixed in LibreSSL May 26th 2014.
https://twitter.com/bob_beck/status/553233391164743682
More information about the Ach
mailing list