|Reported by:||Fernando de Oliveira||Owned by:||Fernando de Oliveira|
I think that urgency is not high for us, it seems to involve only DLLs, which I believe is for other OS, not Linux.
... Version 5.02, 2014.06.09, urgency: HIGH: Security bugfixes OpenSSL DLLs updated to version 1.0.1h. See http://www.openssl.org/news/secadv_20140605.txt New features Major rewrite of the protocol.c interface: it is now possible to add protocol negotiations at multiple connection phases, protocols can individually decide whether the remote connection will be established before or after SSL/TLS is negotiated. Heap memory blocks are wiped before release. This only works for block allocated by stunnel, and not by OpenSSL or other libraries. The safe_memcmp() function implemented with execution time not dependent on the compared data. Updated the stunnel.conf and stunnel.init templates. Added a client-mode example to the manual. Bugfixes Fixed "failover = rr" broken since version 5.00. Fixed "taskbar = no" broken since version 5.00. Compilation fix for missing SSL_OP_MSIE_SSLV2_RSA_PADDING option.
Change History (2)
Note: See TracTickets for help on using tickets.