Dear freshmeat.net subscriber,
barsnick just announced version 1.0.0c of OpenSSL on freshmeat.net.
The changes are as follows:
An error was fixed in the experimental J-PAKE implementation, which could lead
to successful validation by someone with no knowledge of the shared secret. This
issue was reported as CVE-2010-4252. An old bug in a workaround that allowed
malicious clients to modify the stored session cache ciphersuite was fixed. This
issue was reported as CVE-2010-4180.
Project description:
The OpenSSL Project is a collaborative effort to
develop a robust, commercial-grade, fully
featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) as well as a full-strength
general-purpose cryptography library.
Detailed history and release notes are available here:
http://freshmeat.net/projects/openssl#release_325450
If you want to change your subscription to this project, please log in to:
http://freshmeat.net/account/subscriptions
Best regards,
freshmeat.net
--
This email was sent to [email protected].
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
