Dear Concerned:

Can you please confirm that the OpenSSL 0.9.7 branch is not affected by:

* DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
* DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
* no-ssl3 configuration sets method to NULL (CVE-2014-3569)
* ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
* RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
* DH client certificates accepted without verification [Server] (CVE-2015-0205)
* Certificate fingerprints can be modified (CVE-2014-8275)
* Bignum squaring may produce incorrect results (CVE-2014-3570)

Since we do not find any mention of the 0.9.7 branch in the advisory links. Please note that OpenSSL 0.9.7 is shipped with Solaris 10.

Thanks and Regards
Allauddin Ahmad
Sr. System Analyst-I | THPS
TELUS Health and Payment Solutions
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev