> The security advisory only has 3 security issues referenced within it,
> though it mentions 4 security fixes. Is the fourth one the "RSA
> signature with modulus 3 forgery" issue fixed in 0.9.8c and 0.9.7k?


No, look closer, the first one (ASN.1 Denial of Service Attacks [yes,
plural]), has two advisories, CVE-2006-2937 and CVE-2006-2940.
Then obviously there is the buffer overflow (CVE-2006-3738) and
the SSLv2 client crash (CVE-2006-4343).

-Brad
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org