(=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]

From: Chris Mooney (godsflaw@dod.net)
Date: Fri Mar 08 2002 - 12:54:20 PST

Next message: motorskillz: "Re: (=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]"

Previous message: Chris Mooney: "Re: (=DoD.net Collective=) Sign Up Forms"
Next in thread: motorskillz: "Re: (=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]"
Reply: motorskillz: "Re: (=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

           **************************************
           ********* DoD.net Collective *********
           **************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is the official e-mail. And another reason to give
people some amount of time before you do a full disclosure.

Chris

- ----- Forwarded message from Ben Laurie <ben@algroup.co.uk> -----

On Friday 1st March 2002 I released a security alert for Apache-SSL,
announcing a fix to a buffer overflow. Unfortunately, because the fix
had to be released in haste (since I had not been alerted before public
disclosure), the fix had a bug.

Fortunately, the bug did not leave Apache-SSL vulnerable, but it did
prevent correct operation.

I have, therefore, released an updated version of Apache-SSL today,
1.3.22+1.47, which is available from all the usual places.

Users of versions prior to this should upgrade immediately.

Cheers,

Ben.

- --
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

- ----- End forwarded message -----

- --

Chris Mooney ....................... UNIX Systems Administrator
Daemons ofThe Damned ............... http://home.dod.net/
P.O. Box 1357 ...................... Tel: (619) 665-3845
Santa Cruz, CA 95061 ............... godsflaw@dod.net

My PGP Public Key Block can be found at:
http://godsflaw.dod.net/pgp-public-key.asc

Fingerprint: 8BD8 B2E1 FAF4 CB7D 8A35 59AD A6AD DDD0 AFEB 96FD

- - --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: For info see http://www.gnupg.org

iD8DBQE8iST7pq3d0K/rlv0RAjEGAJ9etJQmN41DB376mxpBKSuve5oLNACg1cOV
gfTC85PpKMwIbEtnbkD+0H4=
=LEs/
-----END PGP SIGNATURE-----

*********************************************************
*If you would like to unsubscribe from this mailing list*
*please e-mail mail-lists@dod.net with the following in *
*the body of the message. *
* *
* unsubscribe collective *
* *
*If for any reason you need to contact the administrator*
*of this list please mail owner-collective@dod.net. You*
*can access the archives and more information about this*
*list by going to http://www.dod.net/collective/ . *
*********************************************************

Next message: motorskillz: "Re: (=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]"
Previous message: Chris Mooney: "Re: (=DoD.net Collective=) Sign Up Forms"
Next in thread: motorskillz: "Re: (=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]"
Reply: motorskillz: "Re: (=DoD.net Collective=) [ben@algroup.co.uk: Apache-SSL 1.3.22+1.47 - update to security fix]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Mar 08 2002 - 12:48:52 PST