I opened a JTAC case for the same issue. JTAC said their security team is aware of the CVE and they are waiting for fix/recommendation.
-andy On 4/8/14 2:51 PM, "David B Funk" <dbf...@engineering.uiowa.edu> wrote: >We have a SA4500 SSL VPN box with the JTAC recommended 7.4R8.0 release. >Testing by tools such as "https://www.ssllabs.com/ssltest/" shows it to >be vulnerable to the Heartbleed attack (http://heartbleed/). > >Checking software downloads at juniper.net does not even seem to >have an alert for this problem, let alone a fix. > >Does Juniper have a clue about this? >Is anybody else worried? > >-- >Dave Funk University of Iowa ><dbfunk (at) engineering.uiowa.edu> College of Engineering >319/335-5751 FAX: 319/384-0549 1256 Seamans Center >Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 >#include <std_disclaimer.h> >Better is not better, 'standard' is better. B{ >_______________________________________________ >juniper-nsp mailing list juniper-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp