On Wed, Jun 11, 2014, Scott Neugroschl wrote: > Hi guys, > > I know 0.9.7 is no longer under development, but for various reasons, I have > an app that is still using 0.9.7g. > Is 0.9.7g subject to the vulnerability from CVD-0214-0224? >
I think you mean CVE-2014-0224. Yes it is vulnerable as an SSL/TLS client you're advised to fix servers too as a precaution. It shouldn't be too hard to backport the patches. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org