On Thu, 01 Jul 2004 00:51:49 -0500, Albert Chin wrote: > On Wed, Jun 30, 2004 at 10:59:01PM -0500, Edward Rudd wrote: > Ok, thanks. I presume the patch below fixes CAN-2004-0488. According > to the description for CAN-2004-0488, the buffer overflow is in > ssl_util_uuencode_binary(), found in ssl_util.c. However, ssl_utils.c > has remained virtually the same between 2.0.48 and 2.0.50.
http://www.securityfocus.com/bid/10355/solution/ it's in the ssl_engine_kernel.c from revision 1.105 to 1.106
