|
|
|
|
|
|
by richardwhiuk
3899 days ago
|
|
|
False: CVE-2015-0204 affected LibreSSL, but they thought it was a low priority vulnerability, when it actually is a high priority. They fixed it, didn't notify upstream afaict and just issued a new release. LibreSSL isn't a panacea, and based on that, they can't even classify vulnerabilities correctly. Most of the vulnerabilities in OpenSSL are in parts (e.g. DTLS) which are disabled in lots of builds. |
|
|