Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Security

[Fwd: [ANNOUNCE] mod_ssl 2.8.20-1.3.31]

 

 

Gentoo security RSS feed   Index | Next | Previous | View Threaded


ixion at cfl

Oct 15, 2004, 12:53 PM

Post #1 of 2 (624 views)
Permalink
[Fwd: [ANNOUNCE] mod_ssl 2.8.20-1.3.31]

I don't know who to send this to, so please forgive me if I'm incorrect.
But just an FYI:

---------------------------- Original Message ----------------------------
Subject: [ANNOUNCE] mod_ssl 2.8.20-1.3.31
From: "Ralf S. Engelschall" <rse [at] engelschall>
Date: Fri, October 15, 2004 9:46
To: modssl-announce [at] modssl
--------------------------------------------------------------------------

Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31
was released today. You can get it at the usual location:

o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/

Yours,
Ralf S. Engelschall
rse [at] engelschall
www.engelschall.com

Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004)

*) With OpenSSL 0.9.7, prevent session resumption during a
renegotiation to force the client to negotiate a new (and
acceptable to mod_ssl) cipher suite. Additionally, ensure
that a correct cipher suite has been negotiated afterwards
(CAN-2004-0885).

*) Fixed more printf(3) style format string bugs (not security
related) which could crash the server if mod_ssl's trace
or debug log level is enabled.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Official Announcement Mailing List modssl-announce [at] modssl
Automated List Manager majordomo [at] modssl




--
gentoo-security [at] gentoo mailing list


krispykringle at gentoo

Oct 15, 2004, 12:56 PM

Post #2 of 2 (564 views)
Permalink
Re: [Fwd: [ANNOUNCE] mod_ssl 2.8.20-1.3.31] [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joey McCoy wrote:
> I don't know who to send this to, so please forgive me if I'm incorrect.
> But just an FYI:
>

Hi, Joey. Could you please do us a favor and file this as a bug at
http://bugs.gentoo.org?

Thanks :)

- --
Dan ("KrispyKringle")
Gentoo Linux Security Coordinator
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iQEVAwUBQXArarDO2aFJ9pv2AQLwTQf/T4+LfkLakVYcXtdadts8ybmWdLivXwIQ
K00P6FjzQihJvDwE5bSE1puhaTKiSrE+Yu10qkGgMcYQWsWVDDY7Yn5fTzKqWHFF
XARwcPZZBYmdrXCEzYy8TAuBHjXeX8wIltAJap6GucUlUMv3NEDeABzg6Rbi8mGU
PkiaQXeYcMEAa6BIxlViBdmpIkd/G0RLDMmt+a6eogPcOPzT11YtGJQGsLQctagW
8qjR6rRGuUYl4E/n79Mgr3o3BZ0ZidDeBUvy0W74zv3+JNjHQimj35Z5VfTPomuU
7BE8tb6PkokgmNIQdNA3enzSFf1Znh8ldmzeBd36MLmobnHpNzJLcw==
=wm4z
-----END PGP SIGNATURE-----

--
gentoo-security [at] gentoo mailing list

Gentoo security RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.