Hello Steve,



I've just seen, that last Friday the new version of OpenSSL has been
released, which fixes this bug. Remains a small memory leak, however.
So please discard my bug report.



Best regards,

Andrey



-------- Messaggio Originale --------
cellspacing="0">






















Oggetto: Re: Any guidelines for security related bug reports?
Data: Tue, 03 Oct 2006 19:09:17 +0200
Da: Andrey Romanov <aromanov@comped.it>
A: penssl-dev@openssl.org">openssl-dev@openssl.org
Referenze: <45228319.9000702@comped.it>
<20061003163600.GA19031@openssl.org>






Good evening Steve,



Ok, I've emailed the report to your private mail address taken from
your home page.

Looking forward to your feedback.



Andrey.



Dr. Stephen Henson ha scritto:

On Tue, Oct 03, 2006, Andrey Romanov wrote:



Hello here!

I think, I have found a pretty significant security-related bug in
OpenSSL library. What are the guidelines for reporting them?
Should I post it directly on the mailing list? Or to provide the info to
maintainer first?




These can be passed to a member of the dev team in the first instance, me
for example. Then after any issue has been analysed we'll get back to you.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: href="http://www.drh-consultancy.demon.co.uk">http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project class="moz-txt-link-freetext" href="http://www.openssl.org">http://www.openssl.org
Development Mailing List class="moz-txt-link-abbreviated" href="mailtopenssl-dev@openssl.org">openssl-dev@openssl.org
Automated List Manager class="moz-txt-link-abbreviated" href="mailto:majordomo@openssl.org">majordomo@openssl.org





__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org