[openssl-dev] [openssl.org #3734] question about 0.9.7 branch

Allauddin Ahmad via RT rt at openssl.org
Sat Mar 7 17:14:17 UTC 2015


Dear Concerned:

Can you please confirm that the OpenSSL 0.9.7 branch is not affected by:


* DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) (CVE-2015-0206)
* DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
* no-ssl3 configuration sets method to NULL (CVE-2014-3569)
* ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
* RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
* DH client certificates accepted without verification [Server] (CVE-2015-0205)
* Certificate fingerprints can be modified (CVE-2014-8275)
* Bignum squaring may produce incorrect results (CVE-2014-3570)

We ask since we do not find any mention of the 0.9.7 branch in the advisory links. Please note that OpenSSL 0.9.7 is shipped with Solaris 10.

Thanks and Regards


Allauddin Ahmad
Sr. System Analyst-I | THPS
TELUS Health and Payment Solutions
505 March Rd., Suite 450,
Kanata, ON, K2K 3A4
T : (613) 576 2091
allauddin.ahmad at telus.com
telushealth.com