Andrew S., where did you find that info about "RSA blinding"? Oh, it
here, from April
and the original
17 March advisory
It would be nice to know how serious a security vulnerabilty this
really is. From the discussion in
Vulnerability Note VU#997481
I suspect it is pretty low risk for most web servers on the Internet.
show a lot of info from back in March.
[grumble grumble] My fairly un-informed take on this is that some of
these rushed in security patches are not all that well thought out.
Breaking thread-safety by default in a security patch to a
formerly thread-safe library strikes me as really obnoxious.