Tim, Thanks a lot for the heads-up. Apparently, I saw it here before I saw it through the "proper" channels.
Strictly speaking it is not a "zero-day", as it was introduced in the version 1.0.1, and the earlier versions are not vulnerable. (I haven't seen any discussion of this yet, but I wouldn't be too surprised if the NSA had known about this bug way before the disclosure.) Cheers, Igor On 4/7/2014 8:13 PM, Tim Bray wrote: > In the unlikely event that any of you run https-enabled web sites and > haven't visited heartbleed.com today, get thee over there post-haste > and find out what version of OpenSSL you're running and consider > replacing your certs, stat. > > I'm not sure I've ever seen a more damaging zero-day. > -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
