Re: [Assp-test] Perl and HeartBleed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/10/2014 06:36 AM, Grayhat wrote: > basically, the issue is due to a bug affecting the *whole* OpenSSL > 1.0.0x series and causing the libs to disclose data; [...] > Not quite. It affects v1.0.1 through 1.0.1f. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNGyLYACgkQzTcr8Prq0ZOSGACgkjog9tkjqFyFWtUsC89QtxqE DocAoJoVFmg9piYjSk7YozRJxTau+Glz =8SK1 -END PGP SIGNATURE- -- Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
[Assp-test] Perl and HeartBleed
Folks, not sure you followed the lates security issue regarding OpenSSL, if you didn't, have a look here http://heartbleed.com/ http://filippo.io/Heartbleed/ https://github.com/FiloSottile/Heartbleed basically, the issue is due to a bug affecting the *whole* OpenSSL 1.0.0x series and causing the libs to disclose data; now, patching is a need, not an option, but what about ASSP ? See, if you try looking at the Perl folder (e.g. ActivePerl on 2k8) you'll find a bunch of OpenSSL DLLs spread around inside a number of different folders... so, HOW do you patch that beast so that ASSP is *not* vulnerable ? -- Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test