On Mon, Jan 06, 2014, ET wrote:

> Also, the release notes list:
>   * Fix for TLS record tampering bug CVE-2013-4353
> But the list of OpenSSL vulnerabilities linked from there does not mention 
> this anywhere...

The list hasn't been updated yet. You can get details from the CHANGES entry
for now:

        Fix for TLS record tampering bug. A carefully crafted invalid
        handshake could crash OpenSSL with a NULL pointer exception.
        Thanks to Anton Johansson for reporting this issues.

Dr Stephen N. Hens n. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to