[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2215: mitigate heartbleed vulnerability

Tahoe-LAFS trac at tahoe-lafs.org
Fri Apr 11 16:22:01 UTC 2014


#2215: mitigate heartbleed vulnerability
--------------------------+----------------------------------------------
     Reporter:  daira     |      Owner:
         Type:  defect    |     Status:  new
     Priority:  critical  |  Milestone:  1.11.0
    Component:  code      |    Version:  1.10.0
   Resolution:            |   Keywords:  security pyopenssl review-needed
Launchpad Bug:            |
--------------------------+----------------------------------------------

Comment (by daira):

 The current branch implements a different policy:
 * versions 0.9.8y+ in the 0.9.8 series are allowed;
 * versions 1.0.0l+ in the 1.0.0 series are allowed;
 * versions 1.0.1d through 1.0.1f are allowed iff compiled with
 -DOPENSSL_NO_HEARTBEATS or with a build date on or after 6 April 2014;
 * versions 1.0.1g+ are allowed.

 Also,
 * the error handling has changed;
 * there are more tests covering the cases above.

 Re-review needed.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2215#comment:4>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list