On Fri, Jun 06, 2014 at 09:58:15PM -0700, [email protected] wrote: > On Fri, Jun 6, 2014, at 09:30 PM, jim bell wrote: > > Direct info: > https://www.openssl.org/news/secadv_20140605.txt > > > > > > Experts said the newly discovered vulnerabilities in OpenSSL, which could > > allow hackers to spy on communications, do not appear to be as serious a > > threat as Heartbleed.
>From the FA: > This is potentially exploitable to run arbitrary code on a vulnerable client > or server. This appears _worse_ than HB to me. "Potentially" usually just downplays the issue - it either exploitable or not.
