On Mon, Apr 8, 2013 at 4:00 AM, Roland Stigge wrote:
> At the polarssl's upstream tracker, I found the following similar issue:
>
> https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2011-01
> regarding CVE-2011-1923
>
> Is CVE-2011-1923 related to CVE-2009-3555?
>
> For CVE-2011-1923, they have a patch that applies to Debian's version in
> squeeze (fixed upstream in >squeeze), which I can adapt easily and
> prepare as a security fix.
>
> Nothing found directly for CVE-2009-3555 - will ask upstream.

They're definitely different issues. CVE-2009-3555 is an SSL protocol design flaw, so it affected pretty much every SSL implementation. If you can get a statement from upstream about it, that would be great.

Best wishes,
Mike

