[Subclipse-users] Subclipse 1.10.4 / JavaHL 1.8.8 on Win64 vulnerable to Heartbleed OpenSSL bug?

From: Nick Radov <nick.radov_at_optum.com>
Date: Wed, 23 Apr 2014 16:24:32 -0700 (PDT)

Is Subclipse 1.10.4 on MS Windows 64 bit impacted by the Heartbleed vulnerability (CVE-2014-0160)? It includes JavaHL 1.8.8, which in turn includes the OpenSSL 1.0.1f ssleay32.dll. The Heartbleed bug was fixed in OpenSSL 1.0.1g. Does JavaHL need to be updated?

In the mean time I suppose we can either switch to SVNKit, or manually replace ssleay32.dll with the fixed version.

------------------------------------------------------
http://subclipse.tigris.org/ds/viewMessage.do?dsForumId=1047&dsMessageId=3076950

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subclipse.tigris.org].

Received on 2014-04-24 01:36:40 CEST

This message: [ Message body ]
Next message: Robert Munteanu: "RE: Re: [Subclipse-users] Getting a ISVNClientAdapter in an Eclipse plugin test"
Previous message: Mark Phippard: "Re: [Subclipse-users] Getting a ISVNClientAdapter in an Eclipse plugin test"
Next in thread: Mark Phippard: "Re: [Subclipse-users] Subclipse 1.10.4 / JavaHL 1.8.8 on Win64 vulnerable to Heartbleed OpenSSL bug?"
Reply: Mark Phippard: "Re: [Subclipse-users] Subclipse 1.10.4 / JavaHL 1.8.8 on Win64 vulnerable to Heartbleed OpenSSL bug?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]