On Mon, Jan 19, 2009 at 08:10:13PM +0900, Shinya TAKEBAYASHI wrote:
Now, I'm anxious about the impacts by CVE-2008-5077(vulnerability of OpenSSL).
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5077
Does anyone have information on the impacts given to boost::asio?
This is a generic answer pertining to any kind of 3rd-party library: 1. if you distribute your application in binary form that is _statically_ linked to the library in question, you distribute the vulnerability together with the application. Fix: YOU have to distribute updated binaries. 2. if you distribute your application in in source form OR in binary form that is _dynamically_ linked to the library in question, the library version which is found at the user's machine is used. Fix: the USERS have to make sure that they have patched their libraries before compiling or running the program.