Thomas Biege wrote:
Err, I was too much in the security-scope. We also fix non-security bugs. But that depends on the bug and the problem it causes.
Well, one could consider any bug in OpenSSL as being a security bug, considering the nature of the software... ;-)
What bugs do you like to see to be fixed?
http://www.openssl.org/news/vulnerabilities.html mentions CAN-2004-0975 as affecting OpenSSL 0.9.7d and being fixed in version 0.9.7f. http://www.openssl.org/news/changelog.html lists a whole bunch of fixes, changes and additions between 0.9.7d and 0.9.7g, so I consider it worthwhile to have the latest stable OpenSSL version (0.9.7g) available on the servers under my responsibility. -- Mit freundlichen Grüßen / Sincerely Dipl. Inform. Ralph Seichter