Hello! I'm currenty working with openssl-0.9.8.y. As we can see in the changelog in the official openssl page there is a correct fix concerning the CVE-2013-0169 which is only available at version openssl-1.0.1.e.
My question is when do you plan to included this change at the series 0.9.8?? Is there already prepared patch for 0.9.8y for this issue? If yes where I could download it? Is it possible to overcome this problem without update to 1.0.1.e? Also does this issue can lead to "BAD_CLIENT_HANDSHAKE" and dropped valid SSL connections?? Thanks in advance!