On Tue, Feb 12, 2013, John Foley wrote: > There were several commits to the 0_9_8 trunk after the 0.9.8y release > last week that appear to be related to CVE-2013-0169. Will there be a > forthcoming 0.9.8z release as a result? Or are these commits not needed > to mitigate CVE-2013-0169? >
The commits aren't needed for CVE-2013-0169 for the OpenSSL 0.9.8 and 1.0.0 branches. The 1.0.1 fixes were critical as TLS was broken. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org