<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff background=""><FONT face=Arial size=2>Hi, <BR>I could see
the patch for "RSA Signature Forgery" available in the location <BR><A
href="http://www.openssl.org/news/patch-CVE-2006-4339.txt">http://www.openssl.org/news/patch-CVE-2006-4339.txt</A>
is been updated with <BR>removal of unwanted code lines on september
6.<BR><BR>Will these changes be commited to the OpenSSL releases 0.9.7 and
0.9.8. <BR>If so, when will be the souce packages ready with the updated
patch.<BR><BR>Thanks, <BR>-Siva<BR><BR>----- Original Message ----- <BR>From:
"Mark J Cox" <mark@awe.com><BR>To: <openssl-announce@openssl.org>;
<openssl-dev@openssl.org>; <full-disclosure@lists.grok.org.uk>;
<openssl-users@openssl.org><BR>Sent: Tuesday, September 05, 2006 3:11
PM<BR>Subject: [SECURITY] OpenSSL 0.9.8c and 0.9.7k released<BR><BR><BR>>
-----BEGIN PGP SIGNED MESSAGE-----<BR>> Hash: SHA1<BR>> <BR>>
<BR>> OpenSSL version 0.9.8c and 0.9.7k
released<BR>>
==========================================<BR>> <BR>>
OpenSSL - The Open Source toolkit for SSL/TLS<BR>>
http://www.openssl.org/<BR>> <BR>> The OpenSSL project
team is pleased to announce the release of<BR>> version
0.9.8c of our open source toolkit for SSL/TLS. This
new<BR>> OpenSSL version is a security and bugfix release
and incorporates<BR>> changes and bugfixes to the
toolkit. For a complete list of<BR>> changes, please
see http://www.openssl.org/source/exp/CHANGES.<BR>>
<BR>> This release fixes an important security
vulnerability which could<BR>> allow RSA Signature Forgery,
CVE-2006-4339. Please see<BR>>
http://www.openssl.org/news/secadv_20060905.txt<BR>>
<BR>> We also release 0.9.7k, which contains the security
update and<BR>> bugfixes compared to 0.9.7j.<BR>>
<BR>> We consider OpenSSL 0.9.8c to be the best version of
OpenSSL<BR>> available and we strongly recommend that users
of older versions<BR>> upgrade as soon as possible. OpenSSL
0.9.8c is available for<BR>> download via HTTP and FTP from
the following master locations (you<BR>> can find the
various FTP mirrors under<BR>>
http://www.openssl.org/source/mirror.html):<BR>>
<BR>> *
http://www.openssl.org/source/<BR>> *
ftp://ftp.openssl.org/source/<BR>> <BR>> For those who
want or have to stay with the 0.9.7 series of<BR>> OpenSSL,
we strongly recommend that you upgrade to OpenSSL
0.9.7k<BR>> as soon as possible. It's available in
the same location as<BR>> 0.9.8c.<BR>>
<BR>> The distribution file names are:<BR>>
<BR>> *
openssl-0.9.8c.tar.gz<BR>> MD5
checksum:
78454bec556bcb4c45129428a766c886<BR>>
SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d<BR>>
<BR>> *
openssl-0.9.7k.tar.gz<BR>> MD5 checksum:
be6bba1d67b26eabb48cf1774925416f<BR>>
SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2<BR>>
<BR>> The checksums were calculated using the following
commands:<BR>> <BR>> openssl md5
openssl-0.9.*.tar.gz<BR>> openssl sha1
openssl-0.9.*.tar.gz<BR>> <BR>> Yours,<BR>>
<BR>> The OpenSSL Project Team...<BR>>
<BR>> Mark J.
Cox Nils
Larsch Ulf
Möller<BR>> Ralf S.
Engelschall Ben
Laurie Andy
Polyakov<BR>> Dr. Stephen
Henson Richard Levitte
Geoff Thorpe<BR>> Lutz
Jänicke Bodo
Möller<BR>> <BR>> <BR>> <BR>> -----BEGIN PGP SIGNATURE-----<BR>>
Version: GnuPG v1.4.2.2 (GNU/Linux)<BR>> <BR>>
iQCVAwUBRP1Enu6tTP1JpWPZAQKUhQP/dBLTKnYVGvNvUYi2mleBNoUn8ISsZsA8<BR>>
5jfBOzsrR+GnZHdyxU3wqcUBzoteE6robAB5Xz1eVvtQDoSPOor0zQWNTrTOEL7N<BR>>
3MUbD/xwCv46kfk6OnptUUQ1UK2uA+IV6nxQHx6CDDdDO5wr2D8vBX3Q2JCuPXlf<BR>>
YjbILfKdPaA=<BR>> =CW+z<BR>> -----END PGP SIGNATURE-----<BR>> <BR>>
<BR>>
______________________________________________________________________<BR>>
OpenSSL
Project
http://www.openssl.org<BR>> User Support Mailing
List
openssl-users@openssl.org<BR>> Automated List
Manager
majordomo@openssl.org<BR>> <BR>> <BR>>
______________________________________________________________________<BR>>
OpenSSL
Project
http://www.openssl.org<BR>> Development Mailing
List
openssl-dev@openssl.org<BR>> Automated List
Manager
majordomo@openssl.org<BR>> <BR>> <BR>> <BR>> -- <BR>> No virus
found in this incoming message.<BR>> Checked by AVG Free Edition.<BR>>
Version: 7.1.405 / Virus Database: 268.11.7/437 - Release Date: 9/4/2006<BR>>
<BR>> </FONT></BODY></HTML>