Bug#338006: [Pkg-openssl-devel] Bug#338006: libssl 0.9.8c-4

Kurt Roeckx kurt at roeckx.be
Fri Mar 30 19:57:12 UTC 2007


On Fri, Mar 30, 2007 at 11:31:57AM -0700, Kirsten Petersen wrote:
> We are seeing this issue with libssl 0.9.8c-4 on a debian etch box.
> Will there be a fix for this version available in etch?

This really should have been fixed in 0.9.8c-4.  This has also been
fixed upstream in the 0.9.8c version.  No version in etch should be
affected by this bug.

You're also like the only one complaining, so I have the feeling
something else is wrong.

Can you tell me a little more about the problem you're seeing?  Is it
easy to reproduce?  Can you reproduce it using openssl?

Is it a self written application, or something else that's available
in Debian?

Do you know what the other side of the connection is using?

There are some other "bad record MAC" bugs open.  I think most of them
are related to multithreaded applications that don't use the
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() functions.


Kurt






More information about the Pkg-openssl-devel mailing list