Hi All, The following vulnerability fixes in 0.9.8 zb seems to be related to the DTLS reassemble fragment functionality that is introduced from 0.9.8 o version.
CVE-2014-3505 -Avoid double free when processing DTLS packets CVE-2014-3506 -Fix DTLS handshake message size checks CVE-2014-3507 -Fix memory leak from zero-length DTLS fragments As per the https://www.openssl.org/news/vulnerabilities.html, all the versions of openssl 0.9.8. This includes the versions before 0.9.8 o where the DTLS reassemble fragment is not present. Can some one confirm if it is updated by mistake or is all the versions of 0.9.8 are affected with the above vulnerabilities too.. appreciate your quick response on this. regards, -Jaya.
