[Haifux] More information about latest OpenSSL/OpenSSH/OpenVPN vulnerabilities?
tzafrir at cohens.org.il
Sun May 18 10:58:05 MSD 2008
On Wed, May 14, 2008 at 03:15:18PM +0300, Dotan Cohen wrote:
> 2008/5/14 Eli Billauer <eli at billauer.co.il>:
> > What really beats me, is why the original bug (consuming uninitialized
> > data) wasn't fixed in the main branch in the first place (which, I
> > understand, happened at a later stage) rather than in a local patch.
> Debian does not often push patches upstream. This was widely discussed
> in the relevant /. article. It's a great read:
> http://it.slashdot.org/article.pl?sid=08/05/13/1533212 (as posted
> earlier in the thread)
And you actually believe everything they write on Slashdot?
(That is to say: no decent references over there)
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
ICQ# 16849754 | | friend
More information about the Haifux