On 4/7/2014 5:02 PM, Xin Li wrote: >> >> The implications of this vulnerability are pretty massive, >> certificates will need to be replaced and so on. I don't want to >> repeat the page, so go read that. > > We are already working on this but building, reviewing, etc. would > take some time. > > Attached is the minimal fix (extracted from upstream git repository) > we are intending to use in the advisory for those who want to apply a > fix now, please DO NOT use any new certificates before applying fixes. Hi, I am trying to understand the implications of this bug in the context of a vulnerable client, connecting to a server that does not have this extension. e.g. a client app linked against 1.xx thats vulnerable talking to a server that is running something from RELENG_8 in the base (0.9.8.x). Is the server still at risk ? Will the client still bleed information ? ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"