[FFmpeg-devel] OpenSSL Heartbeat bug

Alexander Strasser eclipse7 at gmx.net
Fri Apr 18 19:46:38 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our server hosting the Trac issue tracker was vulnerable to the attack
against OpenSSL known as "heartbleed". The OpenSSL software library was
updated on 7th of April, shortly after the vulnerability was publicly
disclosed. We have changed the private keys (and certificates) for all
FFmpeg servers. The new SHA1 fingerprints are:

ffmpeg.org:      d0 4c 1f d0 08 f6 e0 24 f0 2c 31 de 4d 01 45 04 32 2e 36 29
trac.ffmpeg.org: 2a 1c d7 a5 7e 39 6a bc c3 55 22 88 ba 2a cd e0 1f c1 9f 6e

We encourage you to read up on "OpenSSL heartbleed"[1]. It is possible
that login data for the issue tracker was exposed to people exploiting
this security hole. You might want to change your password in the tracker
and everywhere else you used that same password.


[1] For example here: https://www.schneier.com/blog/archives/2014/04/heartbleed.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlNRZP4ACgkQp9ile6h25Y/1JACfQTDMQa7z8do47lEtEWsFBhF2
1uMAnRmRbRL21Ba3J2z87aLbML2Qzzao
=BG1p
-----END PGP SIGNATURE-----


More information about the ffmpeg-devel mailing list