Quanah Gibson-Mount quanah at
Tue Mar 3 23:23:36 UTC 2020

--On Tuesday, March 3, 2020 5:16 PM -0500 Chris Rhoads 
<crhoads at> wrote:

> But I've been unable to determine with certainty how the last
> vulnerability on this list (CVE-1999-0428) was fixed.  In my research,
> I've found a potential OpenSSL update in release 0.9.2b that may have
> addressed the vulnerability: 
> But this security alert message doesn't reference any CVE number.

The above email is related to this commit in the OpenSSL source tree:


Since it pre-dates the CVE being filed, it has no reference to the CVE 
itself in the commit.  Someone from the OpenSSL project would have to 
confirm if that is indeed the fix for the above CVE (and if so, then the 
CVE database needs updating).



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

More information about the openssl-users mailing list