Hello Steve,

I've just seen, that last Friday the new version of OpenSSL has been
released, which fixes this bug. Remains a small memory leak, however.
So please discard my bug report.

Best regards,


-------- Messaggio Originale --------

Oggetto: Re: Any guidelines for security related bug reports?
Data: Tue, 03 Oct 2006 19:09:17 +0200
Da: Andrey Romanov <aromanov@comped.it>
A: penssl-dev@openssl.org">openssl-dev@openssl.org
Referenze: <45228319.9000702@comped.it>

Good evening Steve,

Ok, I've emailed the report to your private mail address taken from
your home page.

Looking forward to your feedback.


Dr. Stephen Henson ha scritto:

On Tue, Oct 03, 2006, Andrey Romanov wrote:

Hello here!

I think, I have found a pretty significant security-related bug in
OpenSSL library. What are the guidelines for reporting them?
Should I post it directly on the mailing list? Or to provide the info to
maintainer first?

These can be passed to a member of the dev team in the first instance, me
for example. Then after any issue has been analysed we'll get back to you.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: href="http://www.drh-consultancy.demon.co.uk">http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project class="moz-txt-link-freetext" href="http://www.openssl.org">http://www.openssl.org
Development Mailing List class="moz-txt-link-abbreviated" href="mailtopenssl-dev@openssl.org">openssl-dev@openssl.org
Automated List Manager class="moz-txt-link-abbreviated" href="mailto:majordomo@openssl.org">majordomo@openssl.org

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org