[arch-dev-public] [Fwd: Fw: OpenSSL 0.9.8e has serious bug]
tom at archlinux.org
Fri Apr 20 09:47:25 EDT 2007
Valient Gough wrote:
> Hi Tom,
> I don't know if there is any tracking of OpenSSL bugs. While testing
> out user reports of 0.9.8e incompatibility, I narrowed it down to an
> OpenSSL problem and sent a simple test case to the OpenSSL mailing list.
> I haven't dug through OpenSSL to determine the entire extent of the
> problem. I believe it causes Blowfish to use 128-bit encryption no
> matter what key length you specify.
Thanks for getting back to me. I would be grateful if you could test my
patched build, available here:
PKGBUILD and patch here:
P.S. I've already posted this on our public dev list, but as you may not
be a subscriber, I'm sending it to you directly also.
More information about the arch-dev-public