Re: [yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-16 Thread Burton, Ross
On 15 October 2014 16:31, Burton, Ross wrote:
> There's an openssl 1.0.1j out now (fixing FOUR (!) CVEs, including
> "disabling SSLv3 didn't work"...). I think considering the situation
> we'd take the upgrade for dizzy, even though we've frozen. Anyone
> volunteering to take lead of upgrading di

Re: [yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-16 Thread Burton, Ross
On 16 October 2014 17:09, Sona Sarmadi wrote:
> Do you know if gnutls implements the SSLv3 protocol? I don't see any new
> security updates for gnutls (related to the SSLv3 vulnerability)?

Yes it does, and no there isn't.

Ross

Re: [yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-16 Thread Sona Sarmadi
Ross,

> > Presumably the list of affected packages is:
> > - gnutls
> > - openssl
> > - nss
>
> There's an openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling
> SSLv3 didn't work"...). I think considering the situation we'd take the
> upgrade for dizzy, even though we've frozen. A

Re: [yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-16 Thread Sona Sarmadi
Hi Ross

> There's an openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling
> SSLv3 didn't work"...). I think considering the situation we'd take the
> upgrade for dizzy, even though we've frozen. Anyone volunteering to take
> lead of upgrading dizzy to 1.0.1j and backporting the rele

Re: [yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-15 Thread Burton, Ross
On 15 October 2014 11:07, Burton, Ross wrote:
> Presumably the list of affected packages is:
> - gnutls
> - openssl
> - nss

There's an openssl 1.0.1j out now (fixing FOUR (!) CVEs, including "disabling SSLv3 didn't work"...). I think considering the situation we'd take the upgrade for dizzy, even

Re: [yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-15 Thread Burton, Ross
On 15 October 2014 07:48, Sona Sarmadi wrote:
> The advice is: Disable SSLv3.
>
> I created https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843 so we can
> start to work with this immediately.

Presumably the list of affected packages is:
- gnutls
- openssl
- nss

Are there more? Will ENEA b

[yocto] Truly scary SSL 3.0 vuln to be revealed soon:

2014-10-14 Thread Sona Sarmadi
Hi guys,

Yesterday The Register published this:
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/

and today the following was published:
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.