On Mon, Apr 14, 2014 at 02:37:52PM +0000, Richard Schmitt wrote:
Does the Yocto project plan to have some response to the heartbleed exploit in openssl in the near term? Has this already been addressed?
It was already addressed for master, daisy, dora and dylan.
It's a separate issue but as far as the yoctoproject.org
infrastructure is concerned our primary SSL termination server runs
OpenSSL 0.9.8k and was not vulnerable to heartbleed. Other servers
were not publicly accessible and were patched quickly after the
announcement. On the build hosts the only running service linked
linked against OpenSSL was NTP. We discussed this on the