[FFmpeg-user] OpenSSL Heartbeat bug

Spencer Graves spencer.graves at prodsyse.com
Fri Apr 18 19:59:40 CEST 2014


On 4/18/2014 10:45 AM, Alexander Strasser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Our server hosting the Trac issue tracker was vulnerable to the attack
> against OpenSSL known as "heartbleed". The OpenSSL software library was
> updated on 7th of April, shortly after the vulnerability was publicly
> disclosed. We have changed the private keys (and certificates) for all
> FFmpeg servers. The new SHA1 fingerprints are:
>
> ffmpeg.org:      d0 4c 1f d0 08 f6 e0 24 f0 2c 31 de 4d 01 45 04 32 2e 36 29
> trac.ffmpeg.org: 2a 1c d7 a5 7e 39 6a bc c3 55 22 88 ba 2a cd e0 1f c1 9f 6e
>
> We encourage you to read up on "OpenSSL heartbleed"[1]. It is possible
> that login data for the issue tracker was exposed to people exploiting
> this security hole. You might want to change your password in the tracker
> and everywhere else you used that same password.

or a similar password.  There are criminal organizations coding bots to 
guess password based on bits of information collected from social 
networking sites like Facebook, genealogical databases, etc.


       Spencer

> [1] For example here: https://www.schneier.com/blog/archives/2014/04/heartbleed.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iEYEARECAAYFAlNRZMIACgkQp9ile6h25Y9wVACfRYx19HPswWI9HvKXr/fh7bkF
> rKcAn1Yfyz0PPktsZXs4KGw9az7egMTV
> =Pi0n
> -----END PGP SIGNATURE-----
> _______________________________________________
> ffmpeg-user mailing list
> ffmpeg-user at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-user


More information about the ffmpeg-user mailing list