[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 347caa9 web: Inform about private key/cert changes

gitolite ffmpeg-cvslog at ffmpeg.org
Fri Apr 18 20:54:43 CEST 2014 

The branch, master has been updated
       via  347caa9609d8b550cc2962058fb760d5586cc5c1 (commit)
      from  f469d019f89bfcc130b350bd8205715b2a3eaffb (commit)


- Log -----------------------------------------------------------------
commit 347caa9609d8b550cc2962058fb760d5586cc5c1
Author:     Alexander Strasser <eclipse7 at gmx.net>
AuthorDate: Fri Apr 18 20:35:24 2014 +0200
Commit:     Alexander Strasser <eclipse7 at gmx.net>
CommitDate: Fri Apr 18 21:00:36 2014 +0200

    web: Inform about private key/cert changes
    
    The Trac server was open to the heartbleed vulnerability.
    So we generated new private keys and certificates for the
    servers.

diff --git a/src/index b/src/index
index 02d41c2..573cee1 100644
--- a/src/index
+++ b/src/index
@@ -11,6 +11,25 @@ changes.
 <h1>News <a href="main.rss"><img style="vertical-align: middle; margin-left: 6px" src="Feed-icon.png" alt="[RSS]" /></a><a href="https://plus.google.com/108003112428040046828?prsrc=3" rel="publisher" style="text-decoration:none;">
 <img src="gplus-16.png" alt="Google+" style="vertical-align: middle; margin-left: 16px"/></a></h1>
 
+<a id="heartbleed"></a><h3>April 18, 2014, OpenSSL Heartbeat bug</h3>
+<p>
+Our server hosting the Trac issue tracker was vulnerable to the attack
+against OpenSSL known as "heartbleed". The OpenSSL software library
+was updated on 7th of April, shortly after the vulnerability was publicly
+disclosed. We have changed the private keys (and certificates) for all
+FFmpeg servers. The details were sent to the mailing lists by
+Alexander Strasser, who is part of the project server team. Here is a
+link to the user mailing list
+<a href="https://lists.ffmpeg.org/pipermail/ffmpeg-user/2014-April/020968.html">archive</a>
+.
+</p><p>
+We encourage you to read up on
+<a href="https://www.schneier.com/blog/archives/2014/04/heartbleed.html">"OpenSSL heartbleed"</a>.
+<b>It is possible that login data for the issue tracker was exposed to
+people exploiting this security hole. You might want to change your password
+in the tracker and everywhere else you used that same password.</b>
+</p>
+
 <a id="pr2.2.1"></a><h3>April 11, 2014, FFmpeg 2.2.1</h3>
 <p>
 We have made a new point releases (<b><a href="download.html#release_2.2">2.2.1</a></b>).

-----------------------------------------------------------------------

Summary of changes:
 src/index |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)


hooks/post-receive
--

More information about the ffmpeg-cvslog mailing list