Re: patches for security advisory of 30th July [URGENT]

[Sumeet Singh]

Its funny how nobody is replying to this email - not even in the negative. I will try one last time :).
Can any representative of openssl reply to the enclosed email ? In fact can *anybody* reply please ? I would really appreciate that.



Sumeet Singh wrote:

Hi all,
    This question is specifically meant for the openssl project team. Are the patches posted by Ben Laurie (pl. refer enclosed email) official openssl.org material? If not, then is there an official patch (for 0.9.5a) posted on the website? I ask this because these patches have not been placed on the openssl.org website. Also, the email sent out by Ben Laurie was not signed (like I've seen some emails sent by Richard Levitte). We are using openssl 0.9.5a and cannot upgrade due to some reasons. So the only way to plug the recently announced security leaks is to apply a patch. The only patch I could find was that posted on this mailing list.

thanks in advance,
-ss


Sumeet Singh wrote:

Hi all,
   Was wondering if these patches are "official" patches. I am using openssl 0.9.5a and can't upgrade to 0.9.6e because some code changes have been made. Therefore I need to patch the security fix and was wondering how 'official' these patches are.

http://marc.theaimsgroup.com/?l=openssl-users&m=102804360924926&q=raw <http://marc.theaimsgroup.com/?l=openssl-users&m=102804360924926&q=raw>

regards,
-s

This is a multi-part message in MIME format.

--------------040702070909050702020402
Content-Type: text/plain;
	charset="us-ascii";
	format=flowed
Content-Transfer-Encoding: 7bit

Enclosed are patches for today's OpenSSL security alert which apply to
other versions. The patch for 0.9.7 is supplied by Ben Laurie
<[EMAIL PROTECTED]> and the remainder by Vincent Danen (email not
supplied).

Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.

These patches are known to apply correctly but have not been
thoroughly tested.

Cheers,

Ben.

  

______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]