oss-sec mailing list archives

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160

From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 08 Apr 2014 23:09:42 +0200

* Vincent Danen:

Mon, 07 Apr 2014 16:53 : Fix is committed to OpenSSL git (not sure if it
                      was public or private at that point)


At this point it was private.


Indeed.  The first public commit notificcation went out around 17:27
UTC.  Ugh, looks like the clock on my mail relay is somewhat off.

(I wonder if the Google folks spotted it on their networks because
someone among the original group tested it against Google
infrastructure. :-)

Current thread:

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160, (continued)
- - - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 07)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Kurt Seifried (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Solar Designer (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Michal Zalewski (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 25)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Donald Stufft (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Vincent Danen (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Florian Weimer (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marc Deslauriers (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 mancha (Apr 09)
- RE: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Bobby Broughton (Apr 08)