On 04/09/2014 01:43 AM, Andrew Carr wrote:
http://www.openssl.org/news/secadv_20140407.txt
Hi Tomcat Devs,
I have been on the dev list for a few years, and a tomcat developer longer
than that. While I haven't contributed yet, I was curious if this cve
needs a contribution. As far as I can tell, if you recompile your native
libs with the unaffected version of SSL, you will not be vulnerable to this
CVE.
Is that assumption correct or does there need to be a change to tcnative?
Assumption is correct.
You may trac https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
for this issue.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org