Subject: Re: openssl-0.9.6e DoS advisory vs audit-packages
To: None <itojun@iijlab.net>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-security
Date: 08/10/2002 10:47:21
On Sat, Aug 10, 2002 at 09:45:16AM +0900, itojun@iijlab.net wrote:
| >Package openssl-0.9.6e has a denial-of-service vulnerability, see
| >http://www.openssl.org/news/secadv_20020730.txt
| >the advisory itself indicates 0.9.6d has the problem and suggests
| >upgrading to openssl-0.9.6e.
|
| yes, i need to find a better URL. openssl 0.9.6e is indeed vulnerable,
| and we need to upgrade to 0.9.6f (or g).
i'd say "g", just to be consistent with basesrc.
luke.