Another bug on OpenSSL

Reindl Harald h.reindl at thelounge.net
Sun Jun 8 14:45:54 UTC 2014


Am 08.06.2014 16:42, schrieb Reindl Harald:
> Am 08.06.2014 16:21, schrieb Álvaro Castillo:
>> Few days was built an patch to solve an another vulnerability into
>> OpenSSL(http://bits.blogs.nytimes.com/2014/06/05/new-bug-found-in-widely-used-openssl-encryption/?_php=true&_type=blogs&_r=0).
>> Some sources talks about that's bug was discovered a long time ago but
>> does not fixed.
>>
>> However, OpenBSD was created a fork called LibreSSL try to solve this
>> issues. Should Fedora to move LibreSSL (http://www.libressl.org/)? Or
>> still use OpenSSL and wait what's bug could be found today, or
>> tomorrow, or few months to go similar Adobe Flash bugs?
> 
> you realized that LibreSSL *backported* the bugs you are
> talking about?

- backported the bug
+ backported the bugfixes

means there where found and fixed in OpenSSL and *after that* fixed in LibreSSL

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140608/14258d92/attachment.sig>


More information about the devel mailing list