Thank you very much for the update in a quick time.
On Sat, Aug 9, 2014 at 12:09 AM, Matt Caswell <m...@openssl.org> wrote:

>
> On 08/08/14 12:26, Matt Caswell wrote:
> >
> > Hi Jaya
> >
> > CVE-2014-3505 has two sites which are affected by the same problem
> > (either of these can be present for the issue to occur). One
> > of these is dtls1_reassemble_fragment, which you rightly say was not
> > introduced until 0.9.8o. However the other site is in
> > dtls1_process_out_of_seq_message. This issue was introduced in 0.9.8m.
> > Therefore 0.9.8 - 0.9.8l are not affected.
> >
> > CVE-2014-3506 primarily addresses issues in dtls1_reassemble_fragment.
> > However it does also address a problem in the non-fragmented case where
> > there was no check for the maximum handshake message size, and this
> > problem also exists in 0.9.8. Therefore 0.9.8 is still affected.
> >
> > CVE-2014-3507 deals with an issue where zero length fragments result in
> > a memory leak due to a flaw in the logic regarding reassembling
> > fragments. Since this logic does not exist in 0.9.8 - 0.9.8n, you are
> > correct that they are not affected.
> >
> > I will correct the Security Advisory and the vulnerabilities page with
> > regards to CVE-2014-3505 and CVE-2014-3507.
>
> I have updated the vulnerabilities page (should show on the web site
> soon). I haven't updated the Security Advisory as I think the advice is
> still correct (0.9.8 users are advised to upgrade to 0.9.8zb).
>
> As noted in another thread CVE-2014-3507 only applies to 0.9.8o onwards
> and 1.0.0a onwards (i.e. not 1.0.0).
>
> Matt
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
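
Added example (not part of the original messages and not OpenSSL project code): a triage helper that applies the corrected 0.9.8-branch ranges from the thread above to installed version strings. It assumes 0.9.8zb, the release users are advised to upgrade to, is the first fixed release on that branch; the function names and the sample inventory are constructed for illustration.

```python
import re

# First affected 0.9.8 release per CVE, as stated in the thread above.
FIRST_AFFECTED = {
    "CVE-2014-3505": "0.9.8m",  # dtls1_process_out_of_seq_message site
    "CVE-2014-3506": "0.9.8",   # no maximum handshake message size check
    "CVE-2014-3507": "0.9.8o",  # fragment reassembly logic
}
# Assumption: the advised upgrade target is the first fixed release.
FIXED = "0.9.8zb"

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse(version):
    """Turn '0.9.8zb' into a tuple that sorts in release order."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    major, minor, fix, letters = m.groups()
    # Patch letters run '', a..z, za, zb, ...: a longer suffix is later,
    # so compare on length first and alphabetically second.
    return (int(major), int(minor), int(fix), len(letters), letters)


def affected_cves(version):
    """Return the CVEs from the thread that apply to a 0.9.8-branch version."""
    v = parse(version)
    if v[:3] != (0, 9, 8):
        raise ValueError("this example only covers the 0.9.8 branch")
    if v >= parse(FIXED):
        return []
    return sorted(c for c, first in FIRST_AFFECTED.items() if v >= parse(first))


if __name__ == "__main__":
    # Constructed inventory: host name -> reported OpenSSL version.
    inventory = {"vpn-gw": "0.9.8l", "legacy-app": "0.9.8o", "bastion": "0.9.8zb"}
    for host, ver in sorted(inventory.items()):
        hits = affected_cves(ver)
        print("%-10s %-8s %s" % (host, ver, ", ".join(hits) or "not affected"))
```
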