[zeromq-dev] Security downgrade attacks in 4.0.5, 4.1.0

Pieter Hintjens ph at imatix.com
Fri Dec 5 09:13:44 CET 2014


Hi all,

@MinRK reported and fixed a downgrade attack in the 4.0.5 stable
release of libzmq, and the 4.1.0 RC1. See
https://github.com/zeromq/libzmq/issues/1273.

The fix is on libzmq master, and also on zeromq4-x and zeromq4-1 masters.

When I get some confirmation that these two masters look OK, I'll make
new packages with the releases.

For 4.1 RC2, if anyone has specific fixes to libzmq master they still
want to backport, please raise a hand, or make the usual pull
requests.

Thanks,
-Pieter


