Nmap Development mailing list archives
Re: [nmap-svn] r32790 - in nmap-mswin32-aux/OpenSSL: bin include/openssl lib lib/engines
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 07 Apr 2014 15:19:00 -0500
On 04/06/2014 04:46 AM, commit-mailer () nmap org wrote:
Great! Unfortunately, this hit today: https://www.openssl.org/news/secadv_20140407.txtAuthor: robert Date: Sun Apr 6 09:46:12 2014 New Revision: 32790 Log: Upgraded the included OpenSSL on Windows to version 1.0.1f.
Memory leak through the TLS Heartbeat extension. Probably not a big deal for our users, but the advisory *does* say it affects clients. Any idea how quick an upgrade or the -DOPENSSL_NO_HEARTBEATS workaround would take?
Also, anyone want to tackle an exploit script for this? :) Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r32790 - in nmap-mswin32-aux/OpenSSL: bin include/openssl lib lib/engines Daniel Miller (Apr 07)
- Re: [nmap-svn] r32790 - in nmap-mswin32-aux/OpenSSL: bin include/openssl lib lib/engines Daniel Miller (Apr 07)