Subject: Re: Impact of Multiple OpenSSL Vulnerabilities?
To: Johan Danielsson <>
From: Steven M. Bellovin <>
List: tech-security
Date: 07/31/2002 07:49:09
In message <>, Johan Danielsson writes:
>"Jeremy C. Reed" <> writes:
>> I am more interested in the libasn1 issues. I wonder if
>> src/crypto/dist/heimdal/lib/asn1/ should be updated.
>It does not share any code.
Given the number of different ASN.1 parsers that have had security 
bugs in the past, it may pay to audit in anyway.

		--Steve Bellovin, (me) ("Firewalls" book)