On Mon, Jan 20, 2014, no_spam...@yahoo.com wrote: > > Can you give me any information with regards to how the exploitation of > CVE-2013-6450 against 0.9.8y may manifest itself? If not a DoS, could it > cause a process using libssl to core, cause libssl to return an "okay" when > it should returned an error status, leak sensitive information, etc.? >
Any of those would count as security issues. With 0.9.8y all that will happen is the DTLS retry wont be accepted by the peer and the renegotiation will fail and the connection ultimately close. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org