[24527] in bugtraq
Apache-SSL 1.3.22+1.47 - update to security fix
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Mar 4 18:14:32 2002
Message-ID: <3C838917.B5B5501D@algroup.co.uk>
Date: Mon, 04 Mar 2002 14:47:51 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Apache SSL <apache-ssl@lists.aldigital.co.uk>,
Apache SSL Announce <apache-sslannounce@lists.aldigital.co.uk>,
Bugtraq <BUGTRAQ@securityfocus.com>,
CERT Coordination Center <cert@cert.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
On Friday 1st March 2002 I released a security alert for Apache-SSL,
announcing a fix to a buffer overflow. Unfortunately, because the fix
had to be released in haste (since I had not been alerted before public
disclosure), the fix had a bug.
Fortunately, the bug did not leave Apache-SSL vulnerable, but it did
prevent correct operation.
I have, therefore, released an updated version of Apache-SSL today,
1.3.22+1.47, which is available from all the usual places.
Users of versions prior to this should upgrade immediately.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
