I don't know who to send this to, so please forgive me if I'm incorrect.
But just an FYI:
---------------------------- Original Message ----------------------------
Subject: [ANNOUNCE] mod_ssl 2.8.20-1.3.31
From: "Ralf S. Engelschall" <rse@engelschall.com>
Date: Fri, October 15, 2004 9:46
To: modssl-announce@modssl.org
--------------------------------------------------------------------------
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31
was released today. You can get it at the usual location:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com
Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004)
*) With OpenSSL 0.9.7, prevent session resumption during a
renegotiation to force the client to negotiate a new (and
acceptable to mod_ssl) cipher suite. Additionally, ensure
that a correct cipher suite has been negotiated afterwards
(CAN-2004-0885).
*) Fixed more printf(3) style format string bugs (not security
related) which could crash the server if mod_ssl's trace
or debug log level is enabled.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Official Announcement Mailing List modssl-announce@modssl.org
Automated List Manager majordomo@modssl.org
--
gentoo-security@gentoo.org mailing list
But just an FYI:
---------------------------- Original Message ----------------------------
Subject: [ANNOUNCE] mod_ssl 2.8.20-1.3.31
From: "Ralf S. Engelschall" <rse@engelschall.com>
Date: Fri, October 15, 2004 9:46
To: modssl-announce@modssl.org
--------------------------------------------------------------------------
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31
was released today. You can get it at the usual location:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com
Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004)
*) With OpenSSL 0.9.7, prevent session resumption during a
renegotiation to force the client to negotiate a new (and
acceptable to mod_ssl) cipher suite. Additionally, ensure
that a correct cipher suite has been negotiated afterwards
(CAN-2004-0885).
*) Fixed more printf(3) style format string bugs (not security
related) which could crash the server if mod_ssl's trace
or debug log level is enabled.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Official Announcement Mailing List modssl-announce@modssl.org
Automated List Manager majordomo@modssl.org
--
gentoo-security@gentoo.org mailing list