On Thu, Mar 25, 2010 at 5:16 PM, Claus Assmann <ca+ssl-...@esmtp.org> wrote:
> So far I haven't been able to determine which change caused the
> problem, so I'm still looking at various diffs, but I'm not
> familiar with the source code to (easily) spot the problem.

I imagine the reason that the exact breakdown wasn't given was because it would let attackers know exactly what to do.

From the advisory:

- If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.
- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.

Almost certainly short is 16 bits for you, so it only matters if you're running 0.9.8m. You are very unlikely to have introduced the problem via a patch.

AGL

--
Adam Langley a...@imperialviolet.org http://www.imperialviolet.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org