The security advisory only has 3 security issues referenced within it, though it mentions 4 security fixes. Is the fourth one the "RSA signature with modulus 3 forgery" issue fixed in 0.9.8c and 0.9.7k?
No, look closer, the first one (ASN.1 Denial of Service Attacks [yes, plural]), has two advisories, CVE-2006-2937 and CVE-2006-2940. Then obviously there is the buffer overflow (CVE-2006-3738) and the SSLv2 client crash (CVE-2006-4343). -Brad ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
