BTW I didn't resend the second copy of my mail:

> Received: from epu.se (unknown [212.112.47.98])
>   by mail.nessus.org (Postfix) with ESMTP id CF7B213672
>   for <[EMAIL PROTECTED]>; Thu, 8 Jan 2004 06:17:26 -0500
>   (EST)
> Received: from mail pickup service by epu.se with Microsoft SMTPSVC;
>   Thu, 8 Jan 2004 12:16:24 +0100

On Thu, Jan 08, 2004 at 01:43:33PM +0100, Renaud Deraison wrote:
> On Jan 8, 2004, at 12:16 PM, Axel Thimm wrote:
> >Red Hat ships openssl 0.9.7a with patches for closing these security
> >bugs:
> >
> >* Wed Sep 24 2003 Nalin Dahyabhai <[EMAIL PROTECTED]>
> >
> >- add security fixes for protocol parsing bugs (CAN-2003-0543,
> >CAN-2003-0544)
> > and heap corruption (CAN-2003-0545)
>
> It *seems* that they did not fix the "read the certificate the
> remote host is sending me, even if I never requested it" bug, which
> did not get a CAN candidate associated to it, that's too bad.

How can one check whether they did or not? Anything I could grep for
in RH's sources?

--
[EMAIL PROTECTED]
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
