[mosh-devel] openssl-1.0.1f_0
Anders Kaseorg
andersk at MIT.EDU
Fri Apr 11 04:23:04 EDT 2014
On Fri, 11 Apr 2014, Anton Radkevich wrote:
> sudo port install mosh
> Warning: port definitions are more than two weeks old, consider updating
> them by running 'port selfupdate'.
I think you’ve answered your own question here.
> is there openssl-1.0.1f_0 known openssl bug?
I assume you’re referring to this week’s CVE-2014-0160 “Heartbleed”
vulnerability. Mosh only uses OpenSSL for its low-level AES and base64
primitives, and does not use any of the protocols affected by Heartbleed.
However, other applications might, so you may wish to pay attention to the
warning above anyway.
Anders
More information about the mosh-devel
mailing list