On Thu, Sep 26, 2013, Costas Stasimos wrote: > Hello! > > I'm currenty working with openssl-0.9.8.y. As we can see in the changelog > in the official openssl page there is a correct fix concerning > the CVE-2013-0169 which is only available at version openssl-1.0.1.e. > > My question is when do you plan to included this change at the series > 0.9.8?? > > Is there already prepared patch for 0.9.8y for this issue? If yes where I > could download it? >
The patch only affects TLS 1.1 and later ss well as ome usages of AES-NI. Since OpenSSL 0.9.8 doesn't support either of these it is not affected. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
