How long exactly is ``shortly?'' Wouldn't the release be 0.9.6j, which I haven't
heard anything about?
thanks,
adam
On Mon, Mar 17, 2003 at 08:47:01AM +, Ben Laurie wrote:
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
-Language: en-us, en
MIME-Version: 1.0
To: Bugtraq [EMAIL PROTECTED], [EMAIL PROTECTED], OpenSSL Announce
[EMAIL PROTECTED], openssl-users [EMAIL PROTECTED], OpenSSL Dev [EMAIL PROTECTED]
Subject: [ADVISORY] Timing Attack on OpenSSL
X-Enigmail-Version: 0.73.1.0
X-Enigmail-Supports: pgp-inline, pgp
Hi Ben Laurie,
Do you mean that there would be a release (say 0.9.6j and 0.9.7b) with this
patch included.
Regards,
Umesh
Ben Laurie wrote:
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do
Is this a new advisory. I've patched for a previous timing attack 2
weeks ago.
On Mon, 2003-03-17 at 03:47, Ben Laurie wrote:
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he
This is a different vulnerability. The one you patched two weeks ago
was caused by a failure to decrypt messages when the MAC comparison
failed. This vulnerability is a timing attack against the RSA algorithms.
The Slashdot discussion is here:
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
OpenSSL v0.9.7a and 0.9.6i vulnerability