Thanks for the quick reaction!! Daniel Juyung Seo (SeoZ) On Apr 10, 2014 4:24 AM, "Bertrand Jacquin" <be...@meleeweb.net> wrote:
> Hi, > > As many of you may have be noticed by more conventional way, a serious > issue in OpenSSL have been announced sunday that lead to information > leak like SSL private certificate, any HTTP POST data but not only > limited to this. > > This weakness is present in OpenSSL since two years. More detailed > information about CVE-2014-0160 are available at http://heartbleed.com > > All Enlightenment platforms have the fix applied since 04/07 at 12:00 > UTC. Also Enlightenment SSL certificate and private key have been > regenerated. > > You can verify by yourself using these test URL > > https://www.ssllabs.com/ssltest/analyze.html?d=enlightenment.org > http://filippo.io/Heartbleed/#enlightenment.org > > We don't use SSL to protect any sensitive data in Enlightenment, > but only as a channel to protect your authentication credentials on > services provided by Enlightenment. > > Your passwords are considered as being stolen and no more private. A > malicious user may have retrieve your credentials without needing your > help. We highly recommend you to change their passwords as soon as > possible. This means any account you have on Phabricator, Jenkins etc .. > > This issue is not dedicated to Enlightenment but is a general to all > applications using OpenSSL over the world. We can only advise you to > verify with previous links for other services provided with OpenSSL you > use that they have correctly applied needed fix and to change your > passwords once they have applied fix and change their certificates. > > -- > Beber > > > ------------------------------------------------------------------------------ > Put Bad Developers to Shame > Dominate Development with Jenkins Continuous Integration > Continuously Automate Build, Test & Deployment > Start a new project now. Try Jenkins in the cloud. > http://p.sf.net/sfu/13600_Cloudbees > _______________________________________________ > enlightenment-devel mailing list > enlightenment-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel