On Thu, Oct 02, 2003, [EMAIL PROTECTED] wrote: > Hi all, > > I have read the latest advisory that mentions the following 4 > bugs in OpenSSL > > 1. ASN1-invalid-encoding related > 2. Unusual-ASN1-tag related > 3. Malformed-public-key-in-a-certificate related > 4. SSL/TLS-protocol-handling related > > The advisory also says that bug-4 will expose bugs 1, 2 and 3. > > I am running 9.6g. > > It would be expeditious for me to patch 9.6g such that the patch > takes care of bug-4, although in the long run, I would go to > 9.6k, as recommended. > > Is such a patch available? >
Try this: http://cvs.openssl.org/chngview?cn=11214 > Also, what is 9.7c? 0.9.7c is the latest stable release version. > Does it make more sense to go to this one than 9.6k? > If the applications you are using will work with 0.9.7c yes. However there is around 2 years gap between the first 0.9.6 and 0.9.7 release and some major changes which might break older code. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
