[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2215: mitigate heartbleed vulnerability
Tahoe-LAFS
trac at tahoe-lafs.org
Fri Apr 11 16:22:01 UTC 2014
#2215: mitigate heartbleed vulnerability
--------------------------+----------------------------------------------
Reporter: daira | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 1.11.0
Component: code | Version: 1.10.0
Resolution: | Keywords: security pyopenssl review-needed
Launchpad Bug: |
--------------------------+----------------------------------------------
Comment (by daira):
The current branch implements a different policy:
* versions 0.9.8y+ in the 0.9.8 series are allowed;
* versions 1.0.0l+ in the 1.0.0 series are allowed;
* versions 1.0.1d through 1.0.1f are allowed iff compiled with
-DOPENSSL_NO_HEARTBEATS or with a build date on or after 6 April 2014;
* versions 1.0.1g+ are allowed.
Also,
* the error handling has changed;
* there are more tests covering the cases above.
Re-review needed.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2215#comment:4>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list