[Pkg-openssl-devel] Bug#363516: DSA 1571 vulnerability first introduced in 0.9.8c-1
Thijs Kinkhorst
thijs at debian.org
Wed May 14 07:53:37 UTC 2008
For all clarity: the change in 0.9.8b-1 as indicated above did not actually
introduce the bug described in DSA-1571 yet, but instead created a separate
rand/md_rand.c file. It did not change the file that was actually compiled.
The bug as in DSA-1571 is only present starting with version 0.9.8c-1, that
included this changelog entry:
* Move the modified rand/md_rand.c file to the right place,
really fixing #363516.
Hence, what the DSA describes as first vulnerable version is the correct one.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20080514/8a50d35d/attachment.pgp
More information about the Pkg-openssl-devel
mailing list