Hi all,

Recently, an OpenSSL Security Advisory was sent out about a new vulnerability, which was numbered CVE-2013-0169. This announcement advises all SSL and TLS users to upgrade their OpenSSL version. But from a quick Google search, it looks like there is a contradiction between the detailed description from OpenSSL and the description of this issue on many sites on the web: http://en.securitylab.ru/nvd/437439.php , http://www.cvedetails.com/cve/CVE-2013-0169/ and http://en.securitylab.ru/nvd/437439.php describe this vulnerability as affecting just "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2", but the OpenSSL announcement says that it also affects SSL and TLS 1.0: "They also apply to implementations of SSL 3.0 and TLS 1.0 that incorporate countermeasures to previous padding oracle attacks".

It is critical for us to know whether this is a typo in the OpenSSL announcement or in the sites I noted above. Can anyone please assist us in clearing up this point?

Thanks in advance,
Rachel