-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
===
ASN1 BIO incomplete fix (CVE-2012-2131)
===
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not
On Mon, 2012-04-23 at 21:47 +0200, Andy Polyakov via RT wrote:
Per your suggestion, I replaced 16+9 with 16 and got the results
attached in the spreadsheet.
I can't read your spreadsheets, not this one nor one you've sent
earlier. It says file corrupted and fails to repair it. Could you
This patch fixes lost alert in dtls1_read_bytes in d1_pkt.c:1024.
Assigning value to al is useless unless goto jumps to f_err label.
Index: ssl/d1_pkt.c
===
RCS file: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
retrieving revision 1.55
On Tue, 2012-04-24 at 00:11 +0200, Andy Polyakov via RT wrote:
Per your suggestion, I replaced 16+9 with 16 and got the results
attached in the spreadsheet.
I can't read your spreadsheets, not this one nor one you've sent
earlier. It says file corrupted and fails to repair it. Could you
Hi,
1.0.0 had this:
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FL before 0.9.7. */
#define SSL_OP_ALL 0x8FFFL
1.0.1 now has:
#define SSL_OP_NO_TLSv1_1
[openssl-dev@openssl.org - Wed Apr 25 00:33:54 2012]:
Hi,
1.0.0 had this:
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FL before 0.9.7. */
#define SSL_OP_ALL 0x8FFFL
1.0.1 now
On Wed, Apr 25, 2012 at 12:40:50AM +0200, Stephen Henson via RT wrote:
Side effect of doing that is any application built against OpenSSL 1.0.1
or 1.0.1a headers which has an option to set SSL_OP_NO_TLSv1_1 will have
that turned into noop and will have to be recompiled for that to work.
Hi,
I'm running a 0.9.8g version of the OpenSSL to verify some data.
I received an email related to a vulnerability of OpenSSL, basically says:
A potentially exploitable vulnerability has been discovered in the OpenSSL
function asn1_d2i_read_bio.
...
Any application which uses BIO or FILE