On Mon, 24 Feb 2003, Peter Lawler wrote: > For those who may have missed it, > http://www.openssl.org/news/secadv_20030219.txt
As a datapoint, although I could compile Cyrus against OpenSSL 0.9.7a and it appeared to work for imaps, both apache 1.3.27 and sendmail 8.12.7 didn't work correctly (coredump in EWP_update or something). I've backed out to OpenSSL 0.9.6i which fixes the vulnerability and also works with all the packages I need to link against. ian