Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [nmap-svn] r32790 - in nmap-mswin32-aux/OpenSSL: bin include/openssl lib lib/engines

From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 07 Apr 2014 15:50:56 -0500
On 04/07/2014 03:19 PM, Daniel Miller wrote:

On 04/06/2014 04:46 AM, commit-mailer () nmap org wrote:

Author: robert
Date: Sun Apr  6 09:46:12 2014
New Revision: 32790

Log:
Upgraded the included OpenSSL on Windows to version 1.0.1f.
Great! Unfortunately, this hit today: https://www.openssl.org/news/secadv_20140407.txt
Memory leak through the TLS Heartbeat extension. Probably not a big deal for our users, but the advisory *does* say it affects clients. Any idea how quick an upgrade or the -DOPENSSL_NO_HEARTBEATS workaround would take? 

Also, anyone want to tackle an exploit script for this? :)

Dan


Wow, that was fast. Fixed in r32792. Thanks Rob!

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: