Viktor, http://www.securityfocus.com/bid/25831/info has 0.9.7m as being vulnerable.
I'm not sure how one can try to get them to correct it on their list.

Thanks,
Jerry

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, February 26, 2008 03:10 PM
To: openssl-users@openssl.org
Subject: Re: 0.9.8 version that is fips compliant?

On Tue, Feb 26, 2008 at 03:06:17PM -0600, Blasdel, Jerry wrote:

> All,
>
> Is OpenSSL version 0.9.7m vulnerable to this security notice
> http://www.openssl.org/news/secadv_20071012.txt?
>
> Reading through the notice it sounds like they recommend upgrading to
> 0.9.8g but that only those versions PRIOR to 0.9.7m are affected.
>

The SSL_get_shared_ciphers() problem was resolved in 0.9.7m. Many
applications don't call SSL_get_shared_ciphers(), and are not vulnerable
even with older libraries.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]