From 0.9 ChangeLog:

* Fixes a critical denial-of-service with x.509 certificate verification: peer may cause xyssl to loop indefinitely by sending a cert. for which the PKCS#1 RSA signature check fails (bug reported by Benoit)
...
* Modified ssl_parse_client_key_exchange() to protect against Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack

See also http://www.frsirt.com/english/advisories/2008/0917
Please bump.
Version bumped in CVS.
Thanks, Lars.