[openssl-dev] [openssl.org #3734] question about 0.9.7 branch
Dr. Stephen Henson
steve at openssl.org
Sat Mar 7 18:44:06 UTC 2015
On Sat, Mar 07, 2015, Allauddin Ahmad via RT wrote:
> Dear Concerned:
>
> Can you please confirm that OpenSSL branch 0.9.7 branch is not affected by:
>
As Viktor mentioned 0.9.7 is no longer being maintained.
However the following two issues will be present in 0.9.7:
>
> * RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
>
> * Certificate fingerprints can be modified (CVE-2014-8275)
>
And possibly this one too:
> * Bignum squaring may produce incorrect results (CVE-2014-3570)
>
It is quite likely that thare are many more problems with 0.9.7 too.
Please don't post questions to the bug tracker.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list