[FFmpeg-user] OpenSSL Heartbeat bug

Alexander Strasser eclipse7 at gmx.net
Fri Apr 18 19:45:38 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our server hosting the Trac issue tracker was vulnerable to the attack
against OpenSSL known as "heartbleed". The OpenSSL software library was
updated on 7th of April, shortly after the vulnerability was publicly
disclosed. We have changed the private keys (and certificates) for all
FFmpeg servers. The new SHA1 fingerprints are:

ffmpeg.org:      d0 4c 1f d0 08 f6 e0 24 f0 2c 31 de 4d 01 45 04 32 2e 36 29
trac.ffmpeg.org: 2a 1c d7 a5 7e 39 6a bc c3 55 22 88 ba 2a cd e0 1f c1 9f 6e

We encourage you to read up on "OpenSSL heartbleed"[1]. It is possible
that login data for the issue tracker was exposed to people exploiting
this security hole. You might want to change your password in the tracker
and everywhere else you used that same password.


[1] For example here: https://www.schneier.com/blog/archives/2014/04/heartbleed.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlNRZMIACgkQp9ile6h25Y9wVACfRYx19HPswWI9HvKXr/fh7bkF
rKcAn1Yfyz0PPktsZXs4KGw9az7egMTV
=Pi0n
-----END PGP SIGNATURE-----


More information about the ffmpeg-user mailing list