[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reg: Vulnerability CVE-2014-0160

Subject: Re: Reg: Vulnerability CVE-2014-0160
From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Sat, 12 Apr 2014 22:53:07 +0200
To: libssh@xxxxxxxxxx

Le 11/04/14 14:31, Andreas Schneider a écrit :
> Hi,
>> This is regarding the vulnerability CVE-2014-0160 (OpenSSL Heartbleed),
>> we understand that we use openSSL in our implementation.
>>
>> We link -lssl and use libcrypto.so in our compilation and linking,
>> Does this vulnerability has any impact in libssh, Share your thoughts
>> regarding this.
>
Hi Andreas,

Quick though here, maybe we should try to avoid linking with -lssl
because I don't think we use any API from libssl but only libcrypto.

Aris

Follow-Ups:
Re: Reg: Vulnerability CVE-2014-0160	Andreas Schneider <asn@xxxxxxxxxxxxxx>

References:
Reg: Vulnerability CVE-2014-0160	Aartih <aarthit2014@xxxxxxxxx>
Re: Reg: Vulnerability CVE-2014-0160	Andreas Schneider <asn@xxxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org