openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18
OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k) because of the security patch. http://www.openssl.org/ http://www.openssl.org/news/secadv_20060905.txt I'm not sure which version shipped with the 2.4 windows binaries, but externals (for 2.5) still points to 0.9.8.a, which is vulnerable. openssl has also patched 0.9.7.k (0.9.7 was released in 2003) and the patch itself http://www.openssl.org/news/patch-CVE-2006-4339.txt should apply to 0.9.6 (released in 2000). -jJ
Jim Jewett schrieb:
OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k) because of the security patch.
http://www.openssl.org/ http://www.openssl.org/news/secadv_20060905.txt
I'm not sure which version shipped with the 2.4 windows binaries, but externals (for 2.5) still points to 0.9.8.a, which is vulnerable.
If there is any change, it should be to 0.9.7k; we shouldn't switch to a new "branch" of OpenSSL in micro releases. However, I'm uncertain whether I can do the update in next weeks. Regards, Martin
participants (2)
-
"Martin v. Löwis" -
Jim Jewett