On Friday 1st March 2002 I released a security alert for Apache-SSL, announcing a fix to a buffer overflow. Unfortunately, because the fix had to be released in haste (since I had not been alerted before public disclosure), the fix had a bug. Fortunately, the bug did not leave Apache-SSL vulnerable, but it did prevent correct operation. I have, therefore, released an updated version of Apache-SSL today, 1.3.22+1.47, which is available from all the usual places. Users of versions prior to this should upgrade immediately. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
