Charles Heselton said:
[snip]
> While it's entirely possible that I'm just getting confused on
> version number between OpenSSL and OpenSSH, these are the CVE #'s that I
> was looking to update:
>
> CAN-2004-0079 - Null-pointer assignment during SSL handshake
> CAN-2004-0112 - Out-of-bounds read affects Kerberos ciphersuites
> CAN-2004-00811- OpenSSL 0.9.6 before 0.9.6d infinite loop vulnerability

All of these were fixed before FC2 was released.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118622

Oddly enough, the changelog doesn't mention CAN-2004-0081. It might be
worth an e-mail to the maintainer.

[whooper@laptop whooper]$ rpm -q --changelog openssl | head -4
* Thu Mar 25 2004 Joe Orton <jorton@xxxxxxxxxx> 0.9.7a-35
- add security fixes for CAN-2004-0079, CAN-2004-0112

--
William Hooper
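
The changelog check shown in the message above, generalised into a small audit script (an added example, not part of the original message): it parses `rpm -q --changelog` text, treats the `CAN-` and `CVE-` prefixes as the same identifier, and reports which package release names each ID. The function names and the second changelog entry are assumptions made for illustration.

```python
import re

# Constructed sample in `rpm -q --changelog` format. The first entry mirrors the
# one quoted in the message; the second is made up for illustration.
SAMPLE_CHANGELOG = """\
* Thu Mar 25 2004 Joe Orton <jorton@xxxxxxxxxx> 0.9.7a-35
- add security fixes for CAN-2004-0079, CAN-2004-0112

* Mon Feb 02 2004 Example Packager <packager@example.invalid> 0.9.7a-34
- rebuild
"""

# Entry header: "* Day Mon DD YYYY Name <mail> version-release"
HEADER = re.compile(r"^\* \w{3} \w{3} +\d{1,2} \d{4} (?P<rest>.*)$")
# Candidate (CAN-) and final (CVE-) names share the same year and number.
CVE_ID = re.compile(r"\b(?:CAN|CVE)-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalise(cve_id):
    """Return the CVE- form of a CAN-/CVE- identifier."""
    m = CVE_ID.fullmatch(cve_id.strip())
    if not m:
        raise ValueError("not a CAN-/CVE- identifier: %r" % cve_id)
    return "CVE-%s-%s" % m.groups()


def fixes_by_release(changelog):
    """Map normalised ID -> releases whose changelog entry names it."""
    found, release = {}, "unknown"
    for line in changelog.splitlines():
        header = HEADER.match(line)
        if header:
            # The version-release is the last field when the packager wrote one.
            tail = header.group("rest").split()
            release = tail[-1] if tail and tail[-1][0].isdigit() else "unknown"
            continue
        for year, num in CVE_ID.findall(line):
            found.setdefault("CVE-%s-%s" % (year, num), []).append(release)
    return found


def audit(changelog, wanted):
    """For each wanted ID, list the releases naming it, or None if absent."""
    found = fixes_by_release(changelog)
    return {w: found.get(normalise(w)) for w in wanted}


if __name__ == "__main__":
    ids = ["CAN-2004-0079", "CAN-2004-0112", "CAN-2004-0081"]
    for cve, releases in audit(SAMPLE_CHANGELOG, ids).items():
        print(cve, "->", releases or "not named in changelog")
```

A `None` result only means the changelog text does not name the ID, which is the CAN-2004-0081 situation described in the message; confirming the fix still needs the vendor's bug tracker or advisory.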