On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote: > Enclosed are patches for today's OpenSSL security alert which apply to > other versions. The patch for 0.9.7 is supplied by Ben Laurie > <benat_private> and the remainder by Vincent Danen (email not > supplied). > > Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev. > > These patches are known to apply correctly but have not been > thoroughly tested. Hello. While checking the patches you sent I noticed that in the ones for openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in crypto/asn1/asn1_lib.c). So I backported the fixes based on 0.9.7-dev and in a patch for 0.9.6d sent by Ben Laurie to openssl-teamat_private on July27 (subject: Final version?). Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns attached. They're not well tested yet - after sucessful compilation. Cheers. - Ademar -- Ademar de Souza Reis Jr. <ademarat_private> ^[:wq!
This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 12:28:28 PDT