Here are a couple of clarifications.
Bob Relyea wrote:
>
> Ben Bucksch wrote:
>
> > Wan-Teh Chang wrote:
> >
> >> RSA key pair generation [...] is
> >> also done by all products that generate Certificate Signing
> >> Requests.
> >
> > Does PSM do that and when, i.e. is PSM affected?
> >
> The PSM binary we release still uses the internal lib crypto version of
> NSS.
No version of libcrypto has ever had this particular problem.
Likewise, products built with BSAFE Crypto-C are not vulnerable.
> Any one who builds PSM and NSS on their own
... with libfreebl ...
> should make sure that they have the up to date version of NSS to
> make sure they aren't vulnerable to the bug.
> bob
--
Nelson B. Bolyard
Disclaimer: I speak for myself, not for Netscape
