[Haifux] More information about latest OpenSSL/OpenSSH/OpenVPN vulnerabilities?

Tzafrir Cohen tzafrir at cohens.org.il
Sun May 18 10:58:05 MSD 2008

On Wed, May 14, 2008 at 03:15:18PM +0300, Dotan Cohen wrote:
> 2008/5/14 Eli Billauer <eli at billauer.co.il>:
> >  What really beats me, is why the original bug (consuming uninitialized
> >  data) wasn't fixed in the main branch in the first place (which, I
> >  understand, happened at a later stage) rather than in a local patch.
> >
> Debian does not often push patches upstream. This was widely discussed
> in the relevant /. article. It's a great read:
> http://it.slashdot.org/article.pl?sid=08/05/13/1533212 (as posted
> earlier in the thread)

And you actually believe everything they write on Slashdot?

(That is to say: no decent references over there)

Tzafrir Cohen         | tzafrir at jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir at cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend

More information about the Haifux mailing list