On Sat, Mar 07, 2015, Allauddin Ahmad via RT wrote: > Dear Concerned: > > Can you please confirm that OpenSSL branch 0.9.7 branch is not affected by: >
As Viktor mentioned 0.9.7 is no longer being maintained. However the following two issues will be present in 0.9.7: > > * RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) > > * Certificate fingerprints can be modified (CVE-2014-8275) > And possibly this one too: > * Bignum squaring may produce incorrect results (CVE-2014-3570) > It is quite likely that thare are many more problems with 0.9.7 too. Please don't post questions to the bug tracker. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
