[Haifux] More information about latest OpenSSL/OpenSSH/OpenVPN vulnerabilities?

Dotan Cohen dotancohen at gmail.com
Wed May 14 16:15:18 MSD 2008


2008/5/14 Eli Billauer <eli at billauer.co.il>:
>  What really beats me, is why the original bug (consuming uninitialized
>  data) wasn't fixed in the main branch in the first place (which, I
>  understand, happened at a later stage) rather than in a local patch.
>

Debian does not often push patches upstream. This was widely discussed
in the relevant /. article. It's a great read:
http://it.slashdot.org/article.pl?sid=08/05/13/1533212 (as posted
earlier in the thread)

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


More information about the Haifux mailing list