On Mon, Jan 06, 2014, ET wrote: > Also, the release notes list: > > * Fix for TLS record tampering bug CVE-2013-4353 > > But the list of OpenSSL vulnerabilities linked from there does not mention > this anywhere... >
The list hasn't been updated yet. You can get details from the CHANGES entry for now: Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issues. (CVE-2013-4353) Steve. - Dr Stephen N. Hens n. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org