--On Tuesday, March 3, 2020 5:16 PM -0500 Chris Rhoads
<crhoads@xxxxxxxxxxxxxx> wrote:
But I've been unable to determine with certainty how the last
vulnerability on this list (CVE-1999-0428) was fixed. In my research,
I've found a potential OpenSSL update in release 0.9.2b that may have
addressed the vulnerability: https://seclists.org/bugtraq/1999/Mar/144. ;
But this security alert message doesn't reference any CVE number.
The above email is related to this commit in the OpenSSL source tree:
b4cadc6e1343c01b06613053a90ed2ee85e65090
Since it pre-dates the CVE being filed, it has no reference to the CVE
itself in the commit. Someone from the OpenSSL project would have to
confirm if that is indeed the fix for the above CVE (and if so, then the
CVE database needs updating).
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
