OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)
James McKenzie
jjmckenzie51 at earthlink.net
Sun Dec 5 06:21:42 UTC 2004
thomas.skybakmoen at runbox.no wrote:
> May I ask why openssl 0.9.7a is used and not the latest, when looking at the rate of when packages are updated in Fedora this is close to the only one beeing held back..why?
>
> Thomas
>
Thomas:
The version of OpenSSL is patched for the known problems with 0.9.7a. I
agree that the current version # should be used when the test cycle is
started and then the patch level increased. Also, a changelog would
help greatly when determining if a CVE is addressed.
--
James McKenzie
More information about the fedora-list
mailing list