Patch for Correct fix for CVE-2013-0169 for openssl-.0.9.8y

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Patch for Correct fix for CVE-2013-0169 for openssl-.0.9.8y

Costas Stasimos
Hello!

I'm currenty working with openssl-0.9.8.y. As we can see in the changelog in the official openssl page there is a correct fix concerning the CVE-2013-0169 which is only available at version openssl-1.0.1.e.

My question is when do you plan to included this change at the series 0.9.8??

Is there already prepared patch for 0.9.8y for this issue? If yes where I could download it?

Is it possible to overcome this problem without update to 1.0.1.e?

Also does this issue can lead to "BAD_CLIENT_HANDSHAKE" and dropped valid SSL connections??

Thanks in advance!
Reply | Threaded
Open this post in threaded view
|

Re: Patch for Correct fix for CVE-2013-0169 for openssl-.0.9.8y

mancha1
Costas Stasimos <coststasimos <at> gmail.com> writes:
> Is there already prepared patch for 0.9.8y for this issue? If yes
> where I could download it?

Hi. there's a fix already committed in the git tree which means
it'll be included in the next 0.9.8 release.

You can grab it here:

https://github.com/openssl/openssl/commit
/59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c

--mancha


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Patch for Correct fix for CVE-2013-0169 for openssl-.0.9.8y

Costas Stasimos
Hello mancha

Thanks for your reply!

I'm wondering if this fix has to do with problems such as  "BAD_CLIENT_HANDSHAKE" and dropped valid SSL connections??

Οr in other words, what kind of problems and in which circumstances this issue can be affect?

thanks in advance

---------- Forwarded message ----------
From: mancha <[hidden email]>
Date: 2013/9/29
Subject: Re: Patch for Correct fix for CVE-2013-0169 for openssl-.0.9.8y
To: [hidden email]


Costas Stasimos <coststasimos <at> gmail.com> writes:
> Is there already prepared patch for 0.9.8y for this issue? If yes
> where I could download it?

Hi. there's a fix already committed in the git tree which means
it'll be included in the next 0.9.8 release.

You can grab it here:

https://github.com/openssl/openssl/commit
/59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c

--mancha


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]