|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26415 OpenSSL 0.9.7b is vulnerable
Submitted: 2003-11-25 20:18 UTC Modified: 2004-03-16 18:43 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: dietrich dot ayala at foundstone dot com Assigned: edink (profile)
Status: Closed Package: OpenSSL related
PHP Version: 4.3.4 OS: win32
Private report: No CVE-ID: None
 [2003-11-25 20:18 UTC] dietrich dot ayala at foundstone dot com
the version of openssl shipped w/ php is has known vulnerabilities. php should be updated to the latest version of openssl (0.9.7c).




Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-27 11:45 UTC]
Edin, take care.. :)

 [2003-12-03 13:43 UTC] dietrich dot ayala at foundstone dot com
Hi Edin,

Is there any ETA on this? I've tried using the new DLLs but they don't work. Wez said the function signatures may have changed.


 [2004-01-03 18:26 UTC]
Finally, I managed to find some time to upgrade openssl. The version bundled with the snaps and releases from now on is OpenSSL-0.9.7c.
 [2004-03-15 16:17 UTC] dietrich dot ayala at foundstone dot com
the latest 4.3.5 snaps are still using version 0.9.7b.

these vulns are widely known and have been in the field for quite a while. it'd be great to get this updated.

thanks so much for your effort edin!
 [2004-03-15 18:14 UTC]
Did you really update ALL dlls from the snapshot package?

 [2004-03-16 18:43 UTC]
The version packed with latest snaps is 0.9.7c.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Sep 26 10:01:24 2023 UTC