linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1304769] Re: Heartbleed

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: eMTee <1304769@xxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Apr 2014 20:10:11 -0000
Reply-to: Bug 1304769 <1304769@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

According to heartbleed.com's FAQ if you don't explicitly specify -DOPENSSL_NO_HEARTBEATS option at compile time, then Heartbeat is enabled for all handshakes.
According to tests conducted by various DC software authors, DC clients using OpenSSL as well as ADCH++ are vulnerable.

** Changed in: adchpp
       Status: New => Confirmed

** Changed in: adchpp
   Importance: Undecided => Critical

** Also affects: dcplusplus
   Importance: Undecided
       Status: New

** Changed in: dcplusplus
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to ADCH++.
https://bugs.launchpad.net/bugs/1304769

Title:
  Heartbleed

Status in ADCH++:
  Confirmed
Status in DC++:
  Confirmed

Bug description:
  Seems that ADCH++ is affected, maybe a new release?

  http://heartbleed.com/
  http://filippo.io/Heartbleed/

To manage notifications about this bug go to:
https://bugs.launchpad.net/adchpp/+bug/1304769/+subscriptions

References

[Bug 1304769] [NEW] Heartbleed
From: Herman, 2014-04-09