Oh, okay. Thank you for that tidbit. If not a DoS, how does the issue manifest itself in 0.9.8 if an adversary uses/attempts to use the flaw?
Thanks.

----- Original Message -----
> From: Dr. Stephen Henson <st...@openssl.org>
> To: openssl-users@openssl.org
> Cc:
> Sent: Thursday, January 16, 2014 12:22 PM
> Subject: Re: CVE-2013-6450 and 0.9.8-line
>
> On Thu, Jan 16, 2014, no_spam...@yahoo.com wrote:
>
>> It is my understanding that 0.9.8y contains the DTLS retransmission flaw
>> described in CVE-2013-6450.
>>
>
> It contains the flaw but it is not a DoS issue in 0.9.8.
>
> It's not a trivial fix for 0.9.8 because the DTLS record handling changed in
> 1.0.0.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org