On Sat, Apr 12, 2014 at 10:08 PM, Ben Reser bre...@apache.org wrote:
This specific issue lies in the implementation of a feature of the SSL/TLS
protocols. Apache HTTP Servers running mod_ssl to provide SSL/TLS are
vulnerable. While svnserve does support encryption via Cyrus SASL, and Cyrus
On Sun, Apr 13, 2014 at 07:21:26AM -0400, Nico Kadel-Garcia wrote:
I'm assuming that the vulnerability for particular httpd (Apache 2.x)
web servers is *only* activated when the mod_ssl module is loaded,
Yes. The server must perform TLS negotiation using a vulnerable
OpenSSL version. Data
[I'm not currently a subscriber to the mailing list, so please copy me
explicitly.]
I'm not able to merge a working directory in Subversion 1.8.8. There are
frequent changes
to ~10.5 Mb binary files there, which SVN cannot automatically resolve, and
there's a long
delay right before the