Re: OpenSSL 1.0.0c released

2010-12-03 Thread Marcus Carey
++ = *_tmp2++; //There is a problem here
}

Marcus

- Original Message -
From: "Victor Duchovni"
To:
Sent: Friday, December 03, 2010 8:06 AM
Subject: Re: OpenSSL 1.0.0c released

On Fri, Dec 03, 2010 at 09:50:49AM -0500, Erik Tkal wrote:
That's a pretty bold statem

Re: OpenSSL 1.0.0c released

2010-12-03 Thread Victor Duchovni
On Fri, Dec 03, 2010 at 09:50:49AM -0500, Erik Tkal wrote:
> That's a pretty bold statement and doesn't always apply in a product
> environment.

I have a production environment. The non-security issues in the unpatched 1.0.0b release create substantial interoperability issues with servers and cli

RE: OpenSSL 1.0.0c released

2010-12-03 Thread Erik Tkal
That's a pretty bold statement and doesn't always apply in a product environment. I have not deployed 1.0.0b (because of the pending issues); I'm still at 1.0.0a and have to decide whether to patch the vulnerabilities, or risk updating OpenSSL completely and retesting all of its consumers. E

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Victor Duchovni
On Thu, Dec 02, 2010 at 03:03:02PM -0500, Erik Tkal wrote:
> Can someone point to details on CVE-2010-4180 and CVE-2010-4252?
> CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any
> references to the other two.

1.0.0c contains important non-security bug fixes for 1.0.0b, so yo

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI
http://www.openssl.org/news/secadv_20101202.txt

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/2/2010 9:03 PM, Erik Tkal wrote:
Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Dr. Stephen Henson
On Thu, Dec 02, 2010, Erik Tkal wrote:
> Can someone point to details on CVE-2010-4180 and CVE-2010-4252?
> CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any
> references to the other two.
>
>

http://www.openssl.org/news/secadv_20101202.txt

Steve.
--
Dr Stephen N. Hens

RE: OpenSSL 1.0.0c released

2010-12-02 Thread Erik Tkal
Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other two.

Erik Tkal
Juniper OAC/UAC/Pulse Development

-Original Message-
From: owner-openss