Openssl heartbleed

Adam Williamson awilliam at redhat.com
Wed Apr 9 03:46:03 UTC 2014


On Tue, 2014-04-08 at 18:47 -0700, Gregory Maxwell wrote:
> On Tue, Apr 8, 2014 at 6:44 PM, Chuck Forsberg WA7KGX <caf at omen.com> wrote:
> > According to the announcement, that version is vulnerable.
> > Of the 1.01 versions, only 1.01g is saf(er).
> 
> RedHat backported the fix as the openssl in fedroda/rhel is carrying a
> ton of patches.
> 
> I expect this is going to cause a lot of confusion.

I don't see why. Backporting security fixes is standard procedure and
has been for decades. It would be extremely irresponsible to just shove
out a new and untested openssl build as a stable update.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net



More information about the test mailing list