Re: [tor-talk] Tor and Openssl bug CVE-2014-0160

2014-04-07 Thread Geoff Down
On Tue, Apr 8, 2014, at 12:17 AM, Roger Dingledine wrote:
> A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today,
> which can be used to reveal up to 64kB of memory to a connected client
> or server.
>
> https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
>
> The short versio

Re: [tor-talk] Tor and Openssl bug CVE-2014-0160

2014-04-07 Thread kendrick eastes
from https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 :
> 1. *Clients*: Tor Browser shouldn't be affected, since it uses libnss rather than openssl. But Tor clients could possibly be induced to send sensitive information like "what sites you visited in this session" to your

Re: [tor-talk] Tor and Openssl bug CVE-2014-0160

2014-04-08 Thread Geoff Down
On Tue, Apr 8, 2014, at 02:57 AM, kendrick eastes wrote:
> from https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 :
[edit]
> >
> > So this is the openssl *binary*, the version of which is found by typing
> > openssl version
> > not some library used when compiling Tor?
> > If the latter

Re: [tor-talk] Tor and Openssl bug CVE-2014-0160

2014-04-08 Thread Andreas Krey
On Tue, 08 Apr 2014 13:31:01 +, Geoff Down wrote:
...
> a) whether it's the openssl binary (/usr/bin/openssl) that I need to
> check or some other 'openssl' object
It's not the binary.
> b) if some other object, where is it in OSX10.4 and how do I check the
> version
That depends on whether