oss-sec mailing list archives

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160

From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 09 Apr 2014 12:02:09 +0530

On 04/09/2014 01:07 AM, Yves-Alexis Perez wrote:

Mon, 07 Apr 2014 06:10 : Huzaifa Sidhpurwala sends a mail to distros
                         list with no details but an offer to request
                         them privately



After i sent a mail to distros, i was contacted by security engineers
from most major distributions. I answered most of the them as soon as i
could with complete details including the upstream patch.

Some of them mailed during my night time. I saw these emails the next
day, and it was pointless to answer them at that time, since the issue
was already public.



-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Current thread:

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160, (continued)
- - - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Kurt Seifried (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Solar Designer (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Michal Zalewski (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 25)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Donald Stufft (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Vincent Danen (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Florian Weimer (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 08)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 09)
    - Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marc Deslauriers (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 mancha (Apr 09)
- RE: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Bobby Broughton (Apr 08)