On Thu, Feb 09, 2006 at 03:08:01AM -0800, Steve Langasek wrote: > On Thu, Feb 09, 2006 at 11:39:29AM +0100, Gabriel Forté wrote: > > Package: libssl0.9.8 > > Version: 0.9.8a-6 > > Severity: critical > > > the following openssl-dev mailing-list thread documents a regression bug > > in libssl which will be fixed in the upcoming upstream release (0.9.8b): > > > http://www.mail-archive.com/openssl-dev@openssl.org/msg20804.html > > None of which explains why this is "critical".
maybe this post later in the same thread is a better explanation: http://www.mail-archive.com/openssl-dev@openssl.org/msg20815.html to me this breaks unrelated software using this feature in the library (or maybe am I wrong about the "unrelated" definition) I'm currently forced to rebuild the package with that patch each time a new release comes out in order to work around this problem, which triggers a critical functional regression in something as trivial as establishing a TCP connection over the BIO API, and had to for about two months as of this day (the upstream maintainer didn't react about it until a few days ago). -- Gabriel Forté <[EMAIL PROTECTED]>
