8 Jun
2014
8 Jun
'14
10:38 a.m.
On Fri, Jun 06, 2014 at 09:58:15PM -0700, shelley@misanthropia.info wrote:
On Fri, Jun 6, 2014, at 09:30 PM, jim bell wrote:
Direct info: https://www.openssl.org/news/secadv_20140605.txt
Experts said the newly discovered vulnerabilities in OpenSSL, which could allow hackers to spy on communications, do not appear to be as serious a threat as Heartbleed.
From the FA:
This is potentially exploitable to run arbitrary code on a vulnerable client or server.
This appears _worse_ than HB to me. "Potentially" usually just downplays the issue - it either exploitable or not.