openssl update
Jesse Keating
jkeating at j2solutions.net
Wed Mar 17 23:30:54 UTC 2004
On Wednesday 17 March 2004 15:28, Michal Jaegermann wrote:
> The code seems to be everywhere really the same and really the same
> patches apply. Also people from Red Hat seem to be of the same
> opinion as packages listed in Red Hat alert RHSA-2004:119-01 are,
> for all practical purposes, the same as what is used in 7.3.
It's my understanding (after talking with some Red Hat folks) that the
only fix for the 0.9.6b packages is for CAN-2004-0081. In fact,
looking at the RHL9 package openssl096b-0.9.6b-15.src.rpm, the
changelog shows only:
* Mon Mar 8 2004 Joe Orton <jorton at redhat.com> 0.9.6b-15
- add security fix for CAN-2004-0081
- conditionalize use of -Wa,--noexecstack
This confirms my thought that 0.9.6b is only effected by CAN-2004-0081.
> Fixes are indeed really short. openssl-0.9.6c-spinfix.patch is
> really a one-liner; openssl-0.9.6b-recursion.patch for ASN1 code
> a bit longer but not by much.
Where do you see openssl-0.9.6b-recursion.patch? It's not in RHL9's
openssl096b-0.9.6b-15.src.rpm.
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040317/950b3175/attachment.sig>
More information about the fedora-legacy-list
mailing list