And in the same time, thoses pull requests about polarssl too : https://github.com/zedshaw/mongrel2/pull/245 https://github.com/zedshaw/mongrel2/pull/246
Regards, William On Wed, Mar 25, 2015 at 4:22 PM, Dónal McCarthy <[email protected]> wrote: > Hi, > > Unfortunately a number of our servers were hacked over the weekend (they > were turned into zombies and used in a DoS attack on a number of ISPs). > After some investigation we've concluded that the attackers exploited this > vulnerability in Mongrel2 (https://github.com/zedshaw/mongrel2/issues/244) > (https://www.certifiedsecure.com/polarssl-advisory/). > > We created a pull request (https://github.com/zedshaw/mongrel2/pull/250) > which includes a version of the polarssl dependency that is patched against > this vulnerability. Can someone with write permissions on the project > please integrated the pull request into the master branch? > > It might be an idea to update the 'latest release' on the Mongrel2.org > website to include this patch. > > Regards, > Dónal. > -- > > *Dónal McCarthy* Technical Lead Data Mining & Social Computing, TSSG > Telecommunications > Software & Systems Group (TSSG), ArcLabs Research and Innovation > Building, Waterford Institute of Technology, Carriganore Campus, > Carriganore, Co. Waterford, Ireland *Tel:* +353 (0)51 30 2977 * > Fax:* +353 (0)51 341 100 <+353-51-341-100> *E-mail:* [email protected] > <[email protected]> *LinkedIn: * > ie.linkedin.com/pub/donal-mccarthy/3/a06/646/ www.tssg.org [image: > TSSG Signature] <http://www.tssg.org> > -- --------------------------------------------------------- William MARTIN wysman @NoSpAm@ gmail @DoT@ com
