On Thu, Oct 09, 2003, Moulding, Dan wrote: > Hello, > > It seems that most of the previous security advisories have included the > CVS diff of the patch source. However, I didn't see it for the most > recent advisory. Does anyone know where, if anywhere at all, such a > patch can be found? >
The preferred method if to upgrade to 0.9.7c or 0.9.6k however... The ASN1 parsing issues are covered by: http://cvs.openssl.org/chngview?cn=11471 http://cvs.openssl.org/chngview?cn=11470 http://cvs.openssl.org/chngview?cn=11472 for 0.9.7, 0.9.6 and 0.9.6-engine respectively. The fix which rejects unrequested client certificates is at: http://cvs.openssl.org/chngview?cn=11213 http://cvs.openssl.org/chngview?cn=11212 for 0.9.7 and 0.9.6 Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
