On Tue, Feb 26, 2008 at 03:06:17PM -0600, Blasdel, Jerry wrote:
> All,
>
> Is OpenSSL version 0.9.7m vulnerable to this security notice
> http://www.openssl.org/news/secadv_20071012.txt?
>
> Reading through the notice it sounds like they recommend upgrading to
> 0.9.8g but that only those versions PRIOR to 0.9.7m are affected.
>
The SSL_get_shared_ciphers() problem was resolved in 0.9.7m. Many
applications don't call SSL_get_shared_ciphers(), and are not vulnerable
even with older libraries.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
