[MPlayer-dev-eng] OpenSSL Heartbeat bug

Alexander Strasser eclipse7 at gmx.net
Fri Apr 18 20:09:05 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our server hosting the Trac issue tracker was vulnerable to the attack
against OpenSSL known as "heartbleed". The OpenSSL software library was
updated on 7th of April, shortly after the vulnerability was publicly
disclosed. We have changed the private keys (and certificates) for all
MPlayer servers. The new SHA1 fingerprints are:

mplayerhq.hu:      d0 4c 1f d0 08 f6 e0 24 f0 2c 31 de 4d 01 45 04 32 2e 36 29
trac.mplayerhq.hu: 2a 1c d7 a5 7e 39 6a bc c3 55 22 88 ba 2a cd e0 1f c1 9f 6e

We encourage you to read up on "OpenSSL heartbleed"[1]. It is possible
that login data for the issue tracker was exposed to people exploiting
this security hole. You might want to change your password in the tracker
and everywhere else you used that same password.


[1] For example here: https://www.schneier.com/blog/archives/2014/04/heartbleed.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlNRakEACgkQp9ile6h25Y80OACfV/nUA0XE7MCGTgV9A29cMT1Y
vWYAnjff6mon5Fu2Fk9IgB5H2EFxZngL
=lFJq
-----END PGP SIGNATURE-----


More information about the MPlayer-dev-eng mailing list