|
Bugtraq
mailing list archives
Re: OpenSSL patches for other versions
From: "Ademar de Souza Reis Jr." <ademar () conectiva com br>
Date: Tue, 30 Jul 2002 14:42:12 -0300
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
<ben () algroup co uk> and the remainder by Vincent Danen (email not
supplied).
Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.
These patches are known to apply correctly but have not been
thoroughly tested.
Hello.
While checking the patches you sent I noticed that in the ones for
openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in
crypto/asn1/asn1_lib.c).
So I backported the fixes based on 0.9.7-dev and in a patch for 0.9.6d sent
by Ben Laurie to openssl-team () openssl org on July27 (subject: Final
version?).
Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns attached.
They're not well tested yet - after sucessful compilation.
Cheers.
- Ademar
--
Ademar de Souza Reis Jr. <ademar () conectiva com br>
^[:wq!
Attachment:
openssl-0.9.5a-security.patch
Description:
Attachment:
openssl-0.9.6a-security.patch
Description:
Attachment:
openssl-0.9.6b-security.patch
Description:
 By Date 
By Thread
Current thread:
| 
Intro
