David Millington Indeed. And the linked article should have listed that as "not vulnerable for that particular CVE". Because the OpenSSL versions used are vulnerable to many other CVEs.
Note that two years on, there is still no security mailing list, apparatus in place to notify users of vulnerabilities before they're publicly announced, etc.
Nice. I feel so secure.
ReplyDeleteThe link you point to explicitly says Interbase is not vulnerable...
ReplyDeleteDavid Millington Indeed. And the linked article should have listed that as "not vulnerable for that particular CVE". Because the OpenSSL versions used are vulnerable to many other CVEs.
ReplyDeleteBill Meyer If you want to feel even more secure, read these:
ReplyDeletecoresecurity.com - Delphi and C++ Builder VCL library Buffer Overflow
https://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-heap-buffer-overflow
Note that two years on, there is still no security mailing list, apparatus in place to notify users of vulnerabilities before they're publicly announced, etc.