Re: OpenSSL 1.0.0c released

2010-12-03 Thread Marcus Carey
++ = *_tmp2++; //There is a problem here } Marcus - Original Message - From: "Victor Duchovni" To: Sent: Friday, December 03, 2010 8:06 AM Subject: Re: OpenSSL 1.0.0c released On Fri, Dec 03, 2010 at 09:50:49AM -0500, Erik Tkal wrote: That's a pretty bold statem

Re: OpenSSL 1.0.0c released

2010-12-03 Thread Victor Duchovni
On Fri, Dec 03, 2010 at 09:50:49AM -0500, Erik Tkal wrote: > That's a pretty bold statement and doesn't always apply in a product > environment. I have a production environment. The non-security issues in the unpatched 1.0.0b release create substantial interoperability issues with servers and cli

RE: OpenSSL 1.0.0c released

2010-12-03 Thread Erik Tkal
That's a pretty bold statement and doesn't always apply in a product environment. I have not deployed 1.0.0b (because of the pending issues); I'm still at 1.0.0a and have to decide whether to patch the vulnerabilities, or risk updating OpenSSL completely and retesting all of its consumers. E

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Victor Duchovni
On Thu, Dec 02, 2010 at 03:03:02PM -0500, Erik Tkal wrote: > Can someone point to details on CVE-2010-4180 and CVE-2010-4252? > CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any > references to the other two. 1.0.0c contains important non-security bug fixes for 1.0.0b, so yo

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI
...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Subject: OpenSSL 1.0.0c released -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0c released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Dr. Stephen Henson
On Thu, Dec 02, 2010, Erik Tkal wrote: > Can someone point to details on CVE-2010-4180 and CVE-2010-4252? > CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any > references to the other two. > > http://www.openssl.org/news/secadv_20101202.txt Steve. -- Dr Stephen N. Hens

RE: OpenSSL 1.0.0c released

2010-12-02 Thread Erik Tkal
-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of OpenSSL Sent: Thursday, December 02, 2010 2:17 PM To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; openssl-us...@master.openssl.org Subject: OpenSSL 1.0.0c released -BEGIN PGP SIGNED MESSAGE

OpenSSL 1.0.0c released

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0c released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0c of our open source