On 12/03/2014 17:39, William A. Rowe Jr. wrote: >> >> The fix was applied on Feb 11 2013. That would mean that official >> releases affected would be 0.9.8y, 1.0.0j and 1.0.1c. Any later >> official release should include the fix but we weren't planning to >> make any more 0.9.8 official releases though a 0.9.8 snapshot should >> include the fix. > > Perhaps a typo above? Or are we looking at several bugs? Rainer had > specifically mentioned 1.0.1e as faulting. >
Yes sorry. It's all the same single bug. Checking through the versions: For 0.9.8 branches: 0.9.8y affected, only fixed in 0.9.8 snapshots. For 1.0.0 branches: 1.0.0k affected fixed in 1.0.0l For 1.0.1 branches: 1.0.1d, 1.0.1e affected fixed in 1.0.0f Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 shen...@opensslfoundation.com
