On Wednesday 17 March 2004 15:28, Michal Jaegermann wrote: > The code seems to be everywhere really the same and really the same > patches apply. Also people from Red Hat seem to be of the same > opinion as packages listed in Red Hat alert RHSA-2004:119-01 are, > for all practical purposes, the same as what is used in 7.3. It's my understanding (after talking with some Red Hat folks) that the only fix for the 0.9.6b packages is for CAN-2004-0081. In fact, looking at the RHL9 package openssl096b-0.9.6b-15.src.rpm, the changelog shows only: * Mon Mar 8 2004 Joe Orton <jorton redhat com> 0.9.6b-15 - add security fix for CAN-2004-0081 - conditionalize use of -Wa,--noexecstack This confirms my thought that 0.9.6b is only effected by CAN-2004-0081. > Fixes are indeed really short. openssl-0.9.6c-spinfix.patch is > really a one-liner; openssl-0.9.6b-recursion.patch for ASN1 code > a bit longer but not by much. Where do you see openssl-0.9.6b-recursion.patch? It's not in RHL9's openssl096b-0.9.6b-15.src.rpm. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating
Attachment:
pgp00016.pgp
Description: signature