3 publicly visible posts • joined 13 May 2008
We think it's unlikely to be usefully exploitable:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-3864#c7
We actually had advance notice to be able to fix this issue so quickly after disclosure:
http://www.awe.com/mark/blog/20091007.html
"Another has suggested the bug resides within OpenSSL itself and dates from May 2006,"
This is not true, this issue does not affect upstream OpenSSL or any vendors that are not derived from Debian.