search for: _letter_

Displaying 1 result from an estimated 1 matches for "_letter_".

2002 May 25
2
mismatch against version of openssl, letter version brokenness
What risk exists in changing the check for the matching version of openssl so that the final letter part of the version (e.g. 0.9.6c vs. 0.9.6d) is ignored? Are there any security vulnerabilities in such a thing? What if ssh(d) is linked against an older _letter_ version such as 0.9.6c and now finds the library is 0.9.6d? Is there a security risk in that? Surely a major API change would not happen between version c and version d, would it? My concern here is that openssl's versioning scheme is broken, and depending on it causes problems. For example...