Re: OpenSSL patches for other versions
From: Ademar de Souza Reis Jr. (ademar@conectiva.com.br)Date: 07/30/02
- Previous message: Thor Larholm: "RE: warning"
- In reply to: Ben Laurie: "OpenSSL patches for other versions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Jul 2002 14:42:12 -0300 From: "Ademar de Souza Reis Jr." <ademar@conectiva.com.br> To: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
> Enclosed are patches for today's OpenSSL security alert which apply to
> other versions. The patch for 0.9.7 is supplied by Ben Laurie
> <ben@algroup.co.uk> and the remainder by Vincent Danen (email not
> supplied).
>
> Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.
>
> These patches are known to apply correctly but have not been
> thoroughly tested.
Hello.
While checking the patches you sent I noticed that in the ones for
openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in
crypto/asn1/asn1_lib.c).
So I backported the fixes based on 0.9.7-dev and in a patch for 0.9.6d sent
by Ben Laurie to openssl-team@openssl.org on July27 (subject: Final
version?).
Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns attached.
They're not well tested yet - after sucessful compilation.
Cheers.
- Ademar
-- Ademar de Souza Reis Jr. <ademar@conectiva.com.br>^[:wq!
- text/plain attachment: openssl-0.9.5a-security.patch
- text/plain attachment: openssl-0.9.6a-security.patch
- text/plain attachment: openssl-0.9.6b-security.patch
- Previous message: Thor Larholm: "RE: warning"
- In reply to: Ben Laurie: "OpenSSL patches for other versions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
