Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-31 Thread adam morley
How long exactly is ``shortly?'' Wouldn't the release be 0.9.6j, which I haven't heard anything about?

thanks,
adam

On Mon, Mar 17, 2003 at 08:47:01AM +, Ben Laurie wrote:
> I expect a release to follow shortly.
>
> --
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-25 Thread Michael Howard
GB; rv:1.3b) Gecko/20030210
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: Bugtraq <[EMAIL PROTECTED]>, [EMAIL PROTECTED], OpenSSL Announce <[EMAIL PROTECTED]>, openssl-users <[EMAIL PROTECTED]>, OpenSSL Dev <[EMAIL PROTECTED]>
>Subject: [ADVISORY] Tim

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Jeffrey Altman
This is a different vulnerability. The one you patched two weeks ago was caused by a failure to decrypt messages when the MAC comparison failed. This vulnerability is a timing attack against the RSA algorithms. The Slashdot discussion is here: http://slashdot.org/article.pl?sid=03/03/14/0012

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Christopher Fowler
Is this a new advisory? I've patched for a previous timing attack 2 weeks ago.

On Mon, 2003-03-17 at 03:47, Ben Laurie wrote:
> I expect a release to follow shortly.
>
> --
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/
>
> "There is no limit to what a man can do or how fa

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Umesh
Hi Ben Laurie,

Do you mean that there would be a release (say 0.9.6j and 0.9.7b) with this patch included?

Regards,
Umesh

Ben Laurie wrote:
>
> I expect a release to follow shortly.
>
> --
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/
>
> "There is no limit to what a man

[ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Ben Laurie
I expect a release to follow shortly.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

OpenSSL v0.9.7a and 0.9.6i vulnerability -