OpenSSL 1.0.1f has been made available since January 6, 2014 (cf. http://www.openssl.org/ )
Tor reported a flaw in OpenVPN's implementation of the SOCKS protocol (cf. "Tor Weekly News, March 12, 2014. https://blog.torproject.org/blog/ )
Would appreciate Samuli and/or his colleagues provide patches/workarounds for the above two issues.
Thanks in advance.
Security patches/workarounds needed for OpenVPN 2.3.2
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
innogen
- OpenVPN Power User
- Posts: 87
- Joined: Sun May 22, 2011 8:14 am
-
cron2
- Developer
- Posts: 24
- Joined: Tue Jan 12, 2010 8:08 pm
Re: Security patches/workarounds needed for OpenVPN 2.3.2
Well. Call me a lame bastard, but I am *not* going to hunt all over the Internet to see whether someone posts an OpenVPN bug in a blog somewhere.innogen wrote:Tor reported a flaw in OpenVPN's implementation of the SOCKS protocol (cf. "Tor Weekly News, March 12, 2014. https://blog.torproject.org/blog/ )
We have a bug tracker (trac), we have a working openvpn-devel mailing list, and we have an IRC channel.
So if our socks code is indeed broken (which might very well be), we'd appreciate a bug in trac, or a mail to openvpn-devel. Not a blog post somewhere.
gert