On Tue, Feb 12, 2013, John Foley wrote:

> There were several commits to the 0_9_8 trunk after the 0.9.8y release
> last week that appear to be related to CVE-2013-0169.  Will there be a
> forthcoming 0.9.8z release as a result?  Or are these commits not needed
> to mitigate CVE-2013-0169?
> 

The commits aren't needed for CVE-2013-0169 for the OpenSSL 0.9.8 and 1.0.0
branches. The 1.0.1 fixes were critical as TLS was broken.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
  • 0.9.8z? John Foley
    • Re: 0.9.8z? Dr. Stephen Henson

Reply via email to