well, I already upgraded to openssl-0.9.6g back with apache-1.3.26 and modssl 2.8.10
Jeff > this new release has AFAIK nothing to do with the openssl-vulns. > > It is a release for the today released apache-1.3.27 which fixes 3 vulns in > the apache itself. > > If you want to fix the vulns in SSL you have to upgrade or patch your > openssl-package. > > Andreas > > ---- > e-admin internet gmbh > andreas gietl > ludwig-thoma-strasse 35 > 93051 Regensburg > > > -----Urspr�ngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]Im Auftrag von Jeff Bert > Gesendet: Freitag, 4. Oktober 2002 18:56 > An: [EMAIL PROTECTED] > Betreff: Re: [ANNOUNCE] mod_ssl 2.8.11-1.3.27 > > > Thanks Ralf for keeping up on this. I run apache/mod_ssl server as a hobby > for friends' websites and have been actually having quite a number of people > trying the ssl hack on my server. > > Jeff > > > As you've hopefully recognized, the ASF released Apache 1.3.27, which > > includes important security fixes. The corresponding mod_ssl 2.8.11 for > > this version is now available, too. > > > > Fetch it from: > > > > http://www.modssl.org/source/ > > ftp://ftp.modssl.org/source/ > > Ralf S. Engelschall > > [EMAIL PROTECTED] > > www.engelschall.com > > > > Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002) > > > > *) Upgraded to Apache 1.3.27. > > > > *) Fixed internal error handling for CRL verification. > > > > *) Initialize OpenSSL ENGINE before initializing OpenSSL > > to workaround problems with the PRNG. > > > > *) Also find "openssl" executable in "sbin" directories. > > > > *) Honor specified number of maximum bytes on SSLRandomSeed > > if reading from EGD. > > > > *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables. > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
