GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack. The flaw allowed GnuTLS servers to use session tickets issued during a previous secure TLS 1.3 session without accessing the function that generates secret keys, gnutls session ticket key generate().
What have seven security fixes in FileZilla got to do with 2014's Heartbleed bug?
Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.
At the RSA Conference, nearly two years after Heartbleed, members of OpenSSL's Development Team described some benefits the nasty bug afforded them.