9.2.2rc1: openssl has to be 0.9.6f
mayer at gis.net
Thu Aug 15 02:31:03 UTC 2002
At 04:56 PM 8/14/02, Loomis, Rip wrote:
>Yep, now that I look closely 0.9.6f does state that it
>"is a security and bugfix release" but there's no info
>as to the specifics. I had missed this when looking at
>the release announcement. Can anyone comment on the likelihood
>of older BIND 9.2.1 installations compiled --with-openssl
>against 0.9.6e actually being vulnerable to the (unspecified)
>vulnerabilities in 0.9.6e?
Wrong again! It's now 0.9.6g. Sigh!!!! It's now billed as:
1) Important building fixes on Unix.
2) Fix crash in CSwift engine. [engine]
Hopefully it will settle down again. I'm pulling g now hoping that they
don't post h tomorrow.
> > -----Original Message-----
> > From: Jun-ichiro itojun Hagino [mailto:itojun at iijlab.net]
> > Sent: Wednesday, 14 August, 2002 14:38
> > To: bind9-workers at isc.org
> > Subject: 9.2.2rc1: openssl has to be 0.9.6f
> > >1349. [security] Mimimum OpenSSL version now 0.9.6e
> > (was 0.9.5a).
> > >
> > http://www.cert.org/advisories/CA-2002-23.html
> > 0.9.6e is vulnerable. require 0.9.6f or higher.
> > itojun
More information about the bind-workers