You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by NoOp <gl...@sbcglobal.net> on 2014/12/19 06:36:59 UTC
140.211.11.74 + CVE-2014-0224
On the user mailing list I posted the following on 12/09/2014:
====
Andrea,
You might want to take a closer look at your servers - certs are good but:
"This server is vulnerable to the OpenSSL CCS vulnerability
(CVE-2014-0224) and exploitable. Grade set to F."
"https://www.ssllabs.com/ssltest/analyze.html?d=forum.openoffice.org"
<https://community.qualys.com/blogs/securitylabs/2014/06/13/ssl-pulse-49-vulnerable-to-cve-2014-0224-14-exploitable>
====
See: <http://permalink.gmane.org/gmane.comp.apache.openoffice.user/6538>
for the entire post.
https://forum.openoffice.org (erebus-ssl.apache.org,
repository.apache.org 140.211.11.74 et al) is still testing as not
patched for CVE-2014-0224 on ssllabs.com.
And here:
<http://ccsinject.iecra.org/index.php?site=forum.openoffice.org>
etc.
Shouldn't this be patched by now?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: 140.211.11.74 + CVE-2014-0224
Posted by Andrea Pescetti <pe...@apache.org>.
On 19/12/2014 Andrea Pescetti wrote:
> Infra was notified on the same day and was supposed to handle that at
> the earliest possible occasion (which ought to be last week, but then
> other priorities came up). Remember that there is a system of reverse
> proxies installed, so what you see from outside may be relevant to the
> proxy in front and not to the OpenOffice VM.
Now fixed by Infra.
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: 140.211.11.74 + CVE-2014-0224
Posted by Andrea Pescetti <pe...@apache.org>.
NoOp wrote:
> On the user mailing list I posted the following on 12/09/2014
Infra was notified on the same day and was supposed to handle that at
the earliest possible occasion (which ought to be last week, but then
other priorities came up). Remember that there is a system of reverse
proxies installed, so what you see from outside may be relevant to the
proxy in front and not to the OpenOffice VM.
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org