
From the CloudFlare blog: "This bug fix is a successful example of what is called responsible disclosure".

I just discovered this now and

    yum info openssl

yields 1.0.1e as the available package, which is vulnerable. I guess not all "stakeholders" have been warned properly - or am I jumping to conclusions?



Apparently Red Hat, Debian, and Ubuntu weren't (from what I gather from reading mailing list posts) -- no idea who else.

That's not responsible at all, IMO. Whoever was in charge of this (NCSC-FI?) isn't very good at coordinating.




Note that distributions usually don't change the library version, they just apply the fix. Look for the distribution-specific sub-version.
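One way to check for a backported fix as the last comment suggests, as an added example that is not part of the thread: the upstream version string stays the same, so the package's own changelog is what shows which distribution release picked up the patch. The function name, the fix ID `CVE-0000-00000` and the sample changelog are constructed placeholders, and the parser assumes the usual RPM convention that each entry header ends with the version-release.

```shell
# Added example, RPM-based systems. Typical use (supply the real fix ID):
#   rpm -q --changelog openssl | first_fixed_release CVE-XXXX-XXXX
# If the installed package's changelog mentions the ID, that build carries
# the patch even though `yum info` still reports the old upstream version.

# Reads `rpm -q --changelog` text on stdin. Prints the version-release of the
# oldest entry that mentions the fix ID given as $1; returns 1 if none does.
first_fixed_release() {
    awk -v id="$1" '
        /^\* /                     { rel = $NF }   # entry header: last field is version-release (convention)
        index($0, id) && rel != "" { hit = rel }   # entries are newest-first, so the last hit is the oldest
        END { if (hit == "") exit 1; print hit }
    '
}

# Constructed sample changelog (names, dates, releases and ID are made up).
sample_changelog() {
    cat <<'EOF'
* Wed Jan 03 2001 Example Packager <pkg@example.invalid> - 1.0.1e-99.3
- follow-up cleanup for the CVE-0000-00000 patch

* Tue Jan 02 2001 Example Packager <pkg@example.invalid> - 1.0.1e-99.2
- fix CVE-0000-00000 (backported patch)

* Mon Jan 01 2001 Example Packager <pkg@example.invalid> - 1.0.1e-99.1
- initial build of 1.0.1e
EOF
}

# Stand-alone demo on the constructed sample.
if rel=$(sample_changelog | first_fixed_release CVE-0000-00000); then
    echo "fix first shipped in release $rel"
else
    echo "no changelog entry mentions the fix"
fi
```

Debian-style changelogs use a different header layout, so this parser applies to RPM output only.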



