oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160

From: Marcus Meissner <meissner () suse de>
Date: Wed, 9 Apr 2014 11:27:51 +0200
On Wed, Apr 09, 2014 at 01:12:53PM +0530, Huzaifa Sidhpurwala wrote:

On 04/09/2014 01:02 PM, Yves-Alexis Perez wrote:

On Wed, Apr 09, 2014 at 12:02:09PM +0530, Huzaifa Sidhpurwala wrote:

On 04/09/2014 01:07 AM, Yves-Alexis Perez wrote:


Mon, 07 Apr 2014 06:10 : Huzaifa Sidhpurwala sends a mail to distros
                         list with no details but an offer to request
                         them privately



After i sent a mail to distros, i was contacted by security engineers
from most major distributions. I answered most of the them as soon as i
could with complete details including the upstream patch.


I'm not sure who are “most major distributions”. We failed to reply in a
timely fashion to that mail (but that's on us), but apparently so did
Ubuntu, Suse sent a mail but got apparently no reply.



I have a list of people who asked and whom i answered, but i want to
restraint going into it now.

Suse was replied to via security () suse de :)


We did receive a reply, yes.

Ciao, Marcus
Previous By Date Next
Previous By Thread Next

Current thread: