DragonFly bugs List (threaded) for 2007-10
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: [issue823] openssl buffer overflow.
| From: | ejc <eric.j.christeson@xxxxxxxxx> |
| Date: | Thu, 4 Oct 2007 15:00:44 -0500 |
On 10/4/07, Matthew Dillon <dillon@apollo.backplane.com> wrote: > :Simon 'corecode' Schubert <corecode@fs.ei.tum.de> added the comment: > : > :We have 0.9.8e in the tree. As far as I can tell, this should not be > :affected -- at least from looking at the CVE summaries. They all only > :talk about <=3D 0.9.8d. Unfortunately openssl.org doesn't really publish > :security issues (in a prominent place). > : > :cheers > : simon > > Ok, I'd appreciate it if someone could check that patch I posted against > what we have in the tree to determine whether our version is ok or not. > > Yah, yah, I could do it myself, but I'm trying to push for wider > participation here :-) The patch applies to our codebase. I'm trying to ascertain whether or not 0.9.8e is affected and it seems it should be -- the function in question is identical between 0.9.8d and 0.9.8e. The function doesn't appear to be used very much, so it's probably a low-exposure vulnerability, but that's not really the point, is it? :-) From the openssl cvs logs, they've checked the fix in on all the branches, but haven't cut a new release yet, so 0.9.8e is probably vulnerable. Eric
- Follow-Ups:
- Re: [issue823] openssl buffer overflow.
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- Re: [issue823] openssl buffer overflow.
- References:
- Re: openssl buffer overflow.
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- Re: [issue823] openssl buffer overflow.
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: openssl buffer overflow.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]