Customer are started asking me for this fix . So i need to release an immediate release of openssl with this fix . Not sure whether they are using DTLS . If any customer ask for the fix , i need to release the fix immediately (business policy).
The patch which i have applied is this(for openssl 9.8h and openssl 98k ) http://cvs.openssl.org/chngview?cn=18187 http://cvs.openssl.org/chngview?cn=18206 http://cvs.openssl.org/chngview?cn=18154 This is patch correct ? And is the openssl community going to announce this security vulnerability issue ? Please help Thanks Rajan On Wed, Jun 3, 2009 at 5:44 AM, Victor Duchovni < victor.ducho...@morganstanley.com> wrote: > On Tue, Jun 02, 2009 at 12:33:46AM -0700, rajanchittil wrote: > > > > > Hi All, > > > > Recently i got a security vulnerability issue alert reported in > > http://www.vupen.com/english/advisories/2009/1377. > > Are you using DTLS? If you application is not using DTLS (very few are), > you don't need to patch anything. DTLS support in OpenSSL does not > appear to be very mature at this time, and I don't expect that very > many users are impacted by this issue. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
