openssl vulnerability (CVE-2006-4339)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

openssl vulnerability (CVE-2006-4339)

Wolf, Josef
Hello!

I wonder whether there are any plans to provide fixes for the openssl
vulnerability described in

  http://www.heise.de/security/news/meldung/77783

and

  http://www.openssl.org/news/secadv_20060905.txt

The fixes from upstream are available for more than two weeks now.
In the meantime, there is even an exploit available:

  http://www.heise.de/security/news/meldung/78274


--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: openssl vulnerability (CVE-2006-4339)

Marcus Meissner
On Fri, Sep 22, 2006 at 10:47:22AM +0200, Wolf, Josef wrote:

> Hello!
>
> I wonder whether there are any plans to provide fixes for the openssl
> vulnerability described in
>
>   http://www.heise.de/security/news/meldung/77783
>
> and
>
>   http://www.openssl.org/news/secadv_20060905.txt

Yes.
 
Ciao, Marcus

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here