ID: 26415
Updated by: [EMAIL PROTECTED]
Reported By: dietrich dot ayala at foundstone dot com
-Status: Open
+Status: Assigned
Bug Type: OpenSSL related
Operating System: win32
PHP Version: 4.3.4
Assigned To: edink
New Comment:
Did you really update ALL dlls from the snapshot package?
Previous Comments:
[2004-03-15 16:17:57] dietrich dot ayala at foundstone dot com
the latest 4.3.5 snaps are still using version 0.9.7b.
these vulns are widely known and have been in the field for quite a
while. it'd be great to get this updated.
thanks so much for your effort edin!
[2004-01-03 18:26:29] [EMAIL PROTECTED]
Finally, I managed to find some time to upgrade openssl. The version
bundled with the snaps and releases from now on is OpenSSL-0.9.7c.
[2003-12-03 13:43:07] dietrich dot ayala at foundstone dot com
Hi Edin,
Is there any ETA on this? I've tried using the new DLLs but they don't
work. Wez said the function signatures may have changed.
Thanks!
Dietrich
[2003-11-27 11:45:44] [EMAIL PROTECTED]
Edin, take care.. :)
[2003-11-25 20:18:18] dietrich dot ayala at foundstone dot com
Description:
the version of openssl shipped w/ php is has known vulnerabilities. php
should be updated to the latest version of openssl (0.9.7c).
http://www.openssl.org/news/secadv_20030930.txt
thanks,
dietrich
--
Edit this bug report at http://bugs.php.net/?id=26415edit=1