On Mon, Jan 06, 2014, ET wrote:
> Also, the release notes list:
>
> * Fix for TLS record tampering bug CVE-2013-4353
>
> But the list of OpenSSL vulnerabilities linked from there does not mention
> this anywhere...
>
The list hasn't been updated yet. You can get details from the CHANGES entry
for now:
Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
Steve.
-
Dr Stephen N. Hens n. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
