This also affects TTSSH when RSAREF is used. There's probably an attack on
the client from a third party who can spoof the server public key returned
when the client opens a session to any server.
So, anyone using the RSAREF-based LIBEAY32 should get rid of it, soon ...
Rob
--
[Robert O'Callahan http://www.cs.cmu.edu/~roc 6th year CMU CS PhD student
"I have seen the burden God has laid on men. He has made everything
beautiful in its time. He has also set eternity in the hearts of men; yet
they cannot fathom what God has done from beginning to end."
--- Ecclesiastes 3:10-11]
