Ok, thanks. What previous versions would have been affected by that vulnerability?
Erik On 06 Jan 2014, at 11:30 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Mon, Jan 06, 2014, ET wrote: > >> Also, the release notes list: >> >> * Fix for TLS record tampering bug CVE-2013-4353 >> >> But the list of OpenSSL vulnerabilities linked from there does not mention >> this anywhere... >> > > The list hasn't been updated yet. You can get details from the CHANGES entry > for now: > > Fix for TLS record tampering bug. A carefully crafted invalid > handshake could crash OpenSSL with a NULL pointer exception. > Thanks to Anton Johansson for reporting this issues. > (CVE-2013-4353) > > Steve. > - > Dr Stephen N. Hens n. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
