Bugtraq mailing list archives
Re: OpenSSL patches for other versions
From: "Ademar de Souza Reis Jr." <ademar () conectiva com br>
Date: Tue, 30 Jul 2002 14:42:12 -0300
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
Enclosed are patches for today's OpenSSL security alert which apply to other versions. The patch for 0.9.7 is supplied by Ben Laurie <ben () algroup co uk> and the remainder by Vincent Danen (email not supplied). Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev. These patches are known to apply correctly but have not been thoroughly tested.
Hello. While checking the patches you sent I noticed that in the ones for openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in crypto/asn1/asn1_lib.c). So I backported the fixes based on 0.9.7-dev and in a patch for 0.9.6d sent by Ben Laurie to openssl-team () openssl org on July27 (subject: Final version?). Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns attached. They're not well tested yet - after sucessful compilation. Cheers. - Ademar -- Ademar de Souza Reis Jr. <ademar () conectiva com br> ^[:wq!
Attachment:
openssl-0.9.5a-security.patch
Description:
Attachment:
openssl-0.9.6a-security.patch
Description:
Attachment:
openssl-0.9.6b-security.patch
Description:
Current thread:
- OpenSSL patches for other versions Ben Laurie (Jul 30)
- Re: OpenSSL patches for other versions Ademar de Souza Reis Jr. (Jul 30)