On Sat, Mar 07, 2015 at 06:14:17PM +0100, Allauddin Ahmad via RT wrote:

OpenSSL 0.9.7 has been unsupported for quite some time. Therefore, as far as I know the OpenSSL team is not checking 0.9.7 to verify whether it is or is not affected by any recent vulnerability disclosures. It is almost certainly vulnerable to a number of unpatched issues older than the ones you list. That said:

> * DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
> * DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)

0.9.7 has no DTLS support, so these can't be a problem.

> * no-ssl3 configuration sets method to NULL (CVE-2014-3569)

The Solaris 0.9.7 is not compiled without SSLv3 support.

> * ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)

0.9.7 has no support for elliptic curve cryptography.

--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev