On Wed, Apr 09, 2014 at 08:42:18AM +0200, Zbigniew Zagórski wrote: > Hello, > > On Tue, Apr 8, 2014 at 9:25 PM, Hendrik Boom <hend...@topoi.pooq.com> wrote: > > > > I've just heard about a potential vulnerability in OpenSSL. See > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743883 for the Debian > > version of this problem. > > > > In particular, the message states > > > > all > > keys used with vulnerable processes will need to be replaced both in > > Debian infrastructure and by all users of this package. > > > > I'm wondering whether monotone use is affected by this problem. > > Monotone doesn't use TLS and thus openssl implemtentation of TLS and the > bug in question specific to TLS _extension implementation_ in openssl. > This is "plain old" buffer overrun, or in this case buffer "overrun" ... [1]
Good. One less thing to worry about resecuring. -- hendrik _______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/monotone-devel