[arch-general] Heartbleed-bug in OpenSSL 1.0.1 up to 1.0.1f

RbN r.b.n at riseup.net
Tue Apr 8 14:17:45 EDT 2014


> I actually did push an updated package within 3 hours after the public
> announcement. I think that is pretty reasonable especially since we are
> not among the fortunate distros and companies that were notified
> beforehand.

It's very good! Only a few distribution and vendors can do that!

What is the situation with the Archlinux websites and others servers?

I remind that this flaw is rather critical and applying the patch/new version 
is probably not enough (especially if you are . There is already a lot of 
people playing with this bug and trying to extract "secrets" and sensitive 
data from servers. TLS private keys should be revoked and new ones get 
generated, as htpasswd etc.

o/
RbN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140408/29d1d1a6/attachment.asc>


More information about the arch-general mailing list