| 1 |
I don't know who to send this to, so please forgive me if I'm incorrect. |
| 2 |
But just an FYI: |
| 3 |
|
| 4 |
---------------------------- Original Message ---------------------------- |
| 5 |
Subject: [ANNOUNCE] mod_ssl 2.8.20-1.3.31 |
| 6 |
From: "Ralf S. Engelschall" <rse@×××××××××××.com> |
| 7 |
Date: Fri, October 15, 2004 9:46 |
| 8 |
To: modssl-announce@××××××.org |
| 9 |
-------------------------------------------------------------------------- |
| 10 |
|
| 11 |
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31 |
| 12 |
was released today. You can get it at the usual location: |
| 13 |
|
| 14 |
o http://www.modssl.org/source/ |
| 15 |
o ftp://ftp.modssl.org/source/ |
| 16 |
|
| 17 |
Yours, |
| 18 |
Ralf S. Engelschall |
| 19 |
rse@×××××××××××.com |
| 20 |
www.engelschall.com |
| 21 |
|
| 22 |
Changes with mod_ssl 2.8.20 (16-Jul-2004 to 15-Oct-2004) |
| 23 |
|
| 24 |
*) With OpenSSL 0.9.7, prevent session resumption during a |
| 25 |
renegotiation to force the client to negotiate a new (and |
| 26 |
acceptable to mod_ssl) cipher suite. Additionally, ensure |
| 27 |
that a correct cipher suite has been negotiated afterwards |
| 28 |
(CAN-2004-0885). |
| 29 |
|
| 30 |
*) Fixed more printf(3) style format string bugs (not security |
| 31 |
related) which could crash the server if mod_ssl's trace |
| 32 |
or debug log level is enabled. |
| 33 |
______________________________________________________________________ |
| 34 |
Apache Interface to OpenSSL (mod_ssl) www.modssl.org |
| 35 |
Official Announcement Mailing List modssl-announce@××××××.org |
| 36 |
Automated List Manager majordomo@××××××.org |
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-security@g.o mailing list |
Archives