On 8/15/07, Kurt Roeckx <[EMAIL PROTECTED]> wrote: > > Hi, > > I've just been informed that there has been a CVE published about > openssl. You can see some of it at: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 > http://www.securityfocus.com/bid/25163/solution > http://openssl.org/news/patch-CVE-2007-3108.txt > > But I haven't seen an announcement about it yet.
Hi Kurt, I'd love to know more about this as well. The fixes seem to be only to 0.9.8stable and HEAD but looking at the patch it seems like it would apply to 97stable as well. There are lots of 97stable customers out there still, is it necessary to manually backport the patch? What about FIPS? Is this being discussed on another alias or forum somewhere? Thanks, Ben
