7 Apr
2009
7 Apr
'09
6:11 p.m.
On Tue, Apr 07, 2009 at 01:19:17PM -0400, Cal Webster wrote:
Will there be a security update of stunnel to address vulnerabilities outlined in CVE-2009-0590, CVE-2009-0591, and CVE-2009-0789?
Alternatively, will stunnel use updated OpenSSL libraries on the host?
It appears that this is true on Fedora RPM packages.
This is true in any *nix system.
However, I don't know how to determine whether the same dependency works with Win32 dll's.
This *should* work, as that is pretty much the whole point of shared libraries. I have no actual knowledge of windows DLLs, though, so there might be some obscure reason why it does not. I would recommend you trace (somehow) exactly what on-disk DLLs stunnel is loading and make sure your update replaces those.