9.2.2rc1: openssl has to be 0.9.6f

Danny Mayer mayer at gis.net
Thu Aug 15 02:31:03 UTC 2002


At 04:56 PM 8/14/02, Loomis, Rip wrote:

>Yep, now that I look closely 0.9.6f does state that it
>"is a security and bugfix release" but there's no info
>as to the specifics.  I had missed this when looking at
>the release announcement.  Can anyone comment on the likelihood
>of older BIND 9.2.1 installations compiled --with-openssl
>against 0.9.6e actually being vulnerable to the (unspecified)
>vulnerabilities in 0.9.6e?
>

Wrong again! It's now 0.9.6g.  Sigh!!!! It's now billed as:
1) Important building fixes on Unix.
2) Fix crash in CSwift engine. [engine]

Hopefully it will settle down again. I'm pulling g now hoping that they
don't post h tomorrow.

Danny

>   --Rip
>
> > -----Original Message-----
> > From: Jun-ichiro itojun Hagino [mailto:itojun at iijlab.net]
> > Sent: Wednesday, 14 August, 2002 14:38
> > To: bind9-workers at isc.org
> > Subject: 9.2.2rc1: openssl has to be 0.9.6f
> >
> >
> >
> > >1349.   [security]      Mimimum OpenSSL version now 0.9.6e
> > (was 0.9.5a).
> > >
> > http://www.cert.org/advisories/CA-2002-23.html
> >
> >       0.9.6e is vulnerable.  require 0.9.6f or higher.
> >
> > itojun
> >



More information about the bind-workers mailing list