9.2.2rc1: openssl has to be 0.9.6f
GILBERT.R.LOOMIS at saic.com
Wed Aug 14 20:56:41 UTC 2002
Yep, now that I look closely 0.9.6f does state that it
"is a security and bugfix release" but there's no info
as to the specifics. I had missed this when looking at
the release announcement. Can anyone comment on the likelihood
of older BIND 9.2.1 installations compiled --with-openssl
against 0.9.6e actually being vulnerable to the (unspecified)
vulnerabilities in 0.9.6e?
> -----Original Message-----
> From: Jun-ichiro itojun Hagino [mailto:itojun at iijlab.net]
> Sent: Wednesday, 14 August, 2002 14:38
> To: bind9-workers at isc.org
> Subject: 9.2.2rc1: openssl has to be 0.9.6f
> >1349. [security] Mimimum OpenSSL version now 0.9.6e
> (was 0.9.5a).
> 0.9.6e is vulnerable. require 0.9.6f or higher.
More information about the bind-workers