On Tue Jul 30, 2002 at 02:42:12PM -0300, Ademar de Souza Reis Jr. wrote: > On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote: > > Enclosed are patches for today's OpenSSL security alert which apply to > > other versions. The patch for 0.9.7 is supplied by Ben Laurie > > <[EMAIL PROTECTED]> and the remainder by Vincent Danen (email not > > supplied). > > > > Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev. > > > > These patches are known to apply correctly but have not been > > thoroughly tested. > > Hello. > > While checking the patches you sent I noticed that in the ones for > openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in > crypto/asn1/asn1_lib.c).
Right. Thanks for adding that, Ademar. My patches were completed prior to my knowing about the ASN.1 vulnerability so they weren't included. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg12580/pgp00000.pgp
Description: PGP signature
