maria-discuss team mailing list archive

[Peter Laursen <peter_laursen@xxxxxxxxxx>]

What about this
http://security.stackexchange.com/questions/55249/what-clients-are-proven-to-be-vulnerable-to-heartbleed(MariaDB
5.5.36 is listed).

And what about the C-API?


-- Peter


On Wed, Apr 9, 2014 at 3:31 PM, Peter Laursen <peter_laursen@xxxxxxxxxx>wrote:

> I think at least on Windows OpenSSL is statically linked? If so, all
> available versions have an afftected OpenSLL inside.
>
> -- Peter
>
>
> On Wed, Apr 9, 2014 at 3:25 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx>wrote:
>
>>
>>
>> Am 09.04.2014 15:21, schrieb Peter Laursen:
>> > A far as I understand MariaDB uses OpenSSL (unlike Oracle-MySQL that
>> uses YaSSL).
>> >
>> > Now what about the heartbleed bug: http://heartbleed.com/
>> >
>> > Will all still suported MariaDB versions (5.1, 5.2, 5.3, 5.5 and 10.0
>> are all still suported I think?) need a
>> > release for this bug in OpenSSL?
>>
>> why should they?
>>
>> update openssl and restart all daemons which are linking the library
>> and consider replace your certificates / private keys if a service
>> using openssl was reachable from the internet
>>
>> that's the idea behind shared libraries
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~maria-discuss
>> Post to     : maria-discuss@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~maria-discuss
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>