ID: 26415 User updated by: dietrich dot ayala at foundstone dot com Reported By: dietrich dot ayala at foundstone dot com -Status: Closed +Status: Open Bug Type: OpenSSL related Operating System: win32 PHP Version: 4.3.4 Assigned To: edink New Comment:
the latest 4.3.5 snaps are still using version 0.9.7b. these vulns are widely known and have been in the field for quite a while. it'd be great to get this updated. thanks so much for your effort edin! Previous Comments: ------------------------------------------------------------------------ [2004-01-03 18:26:29] [EMAIL PROTECTED] Finally, I managed to find some time to upgrade openssl. The version bundled with the snaps and releases from now on is OpenSSL-0.9.7c. ------------------------------------------------------------------------ [2003-12-03 13:43:07] dietrich dot ayala at foundstone dot com Hi Edin, Is there any ETA on this? I've tried using the new DLLs but they don't work. Wez said the function signatures may have changed. Thanks! Dietrich ------------------------------------------------------------------------ [2003-11-27 11:45:44] [EMAIL PROTECTED] Edin, take care.. :) ------------------------------------------------------------------------ [2003-11-25 20:18:18] dietrich dot ayala at foundstone dot com Description: ------------ the version of openssl shipped w/ php is has known vulnerabilities. php should be updated to the latest version of openssl (0.9.7c). http://www.openssl.org/news/secadv_20030930.txt thanks, dietrich ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26415&edit=1