On Mon, Jun 20, 2005 at 02:17:05PM +0200, Ralph Seichter wrote:
Thomas Biege wrote:
Err, I was too much in the security-scope. We also fix non-security bugs. But that depends on the bug and the problem it causes.
Well, one could consider any bug in OpenSSL as being a security bug, considering the nature of the software... ;-)
What bugs do you like to see to be fixed?
http://www.openssl.org/news/vulnerabilities.html mentions CAN-2004-0975 as affecting OpenSSL 0.9.7d and being fixed in version
This bug will be fixed together with the next update of openssl. Frankly this is a very minor bug. :)
0.9.7f. http://www.openssl.org/news/changelog.html lists a whole bunch of fixes, changes and additions between 0.9.7d and 0.9.7g, so I consider it worthwhile to have the latest stable OpenSSL version (0.9.7g) available on the servers under my responsibility.
We don't do version updates (with some exceptions) due to bad sideeffects. -- Bye, Thomas -- Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing -- Ray's Rule of Precision: Measure with a micrometer. Mark with chalk. Cut with an axe.