tech-security: Re: openssl-0.9.6e DoS advisory vs audit-packages

Subject: Re: openssl-0.9.6e DoS advisory vs audit-packages
To: Aaron J. Grier <agrier@poofygoof.com>
From: None <itojun@iijlab.net>
List: tech-security
Date: 08/10/2002 09:45:16

>Package openssl-0.9.6e has a denial-of-service vulnerability, see             
>http://www.openssl.org/news/secadv_20020730.txt                            
>the advisory itself indicates 0.9.6d has the problem and suggests
>upgrading to openssl-0.9.6e.

	yes, i need to find a better URL.  openssl 0.9.6e is indeed vulnerable,
	and we need to upgrade to 0.9.6f (or g).

itojun