OpenSSL wrote:
"Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m
How comes the vulnerability doesn't touch 0.9.8e though the patched file
wasn't modified between 0.9.8e and 0.9.8f ?
But that code was modified between 0.9.8d and 0.9.8e, see this patch :
http://cvs.openssl.org/filediff?f=openssl/ssl/s3_pkt.c&v1=1.60&v2=1.61
Could it be a reference mistake and that this vulnerability is from
0.9.8e through 0.9.8m ?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
