On Fri, Apr 27, 2012 at 3:19 PM, Andrew Kulikov <[email protected]> wrote: > Hello, > > In light of vulnerability CVE-2012-2110 in OpenSSL, what is the strategy of > providing fixes for existing Android versions? > The recommendation (http://www.openssl.org/news/secadv_20120419.txt) is to > upgrade to 0.9.8v, 1.0.0i or 1.0.1a. > Are there any patches available for specific OpenSSL versions on GB and ICS > or the code will be updated to the recommended version? Its not limited to industrial systems - its plagued the mobile space since at least 2004: 'Rise of "forever day" bugs', http://arstechnica.com/business/2012/04/rise-of-ics-forever-day-vulnerabiliities-threaten-critical-infrastructure/..
-- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
