[openssl.org #2167] [PATCH 1.0.1e] openssl/ssl/s3_pkt.c SSL multiple threads and SSL_MODE_RELEASE_BUFFERS

2014-04-23 Thread Petter Reinholdtsen via RT
Why is this issue still open? Something wrong with the patch? The problem described is assigned CVE-2010-5298 and further described in URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 and URL: https://security-tracker.debian.org/tracker/CVE-2010-5298 . -- Happy hacking

Re: [openssl.org #2167] [PATCH 1.0.1e] openssl/ssl/s3_pkt.c SSL multiple threads and SSL_MODE_RELEASE_BUFFERS

2014-04-23 Thread Petter Reinholdtsen via RT
[Petter Reinholdtsen] Why is this issue still open? Something wrong with the patch? I guess not, as I just noticed it was committed today in URL: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d1f4b0f3d262edf1cf7023a01d5404945035d5 . Thank you. This issue seems to be reported

[openssl.org #2167] [PATCH 1.0.1e] openssl/ssl/s3_pkt.c SSL multiple threads and SSL_MODE_RELEASE_BUFFERS

2013-09-19 Thread bensonkwok...@air-watch.com via RT
I have found a problem with SSL_MODE_RELEASE_BUFFERS and with multithreading when using version 1.0.1e. This issue has already been logged by someone at rt.openssl.org and the ticket # is 2167. The issue is when the buffer is released by ssl3_release_read_buffer(), there may still be data left