[Voodoo-circle-security] Vulnerability report: VooDoo cIRCle 1.1.38 released
Brought to you by:
ghostvoodooman
From: Marian \VooDooMan\ M. <gho...@us...> - 2009-11-12 19:35:53
|
Greetings, VooDoo cIRCle version 1.1.38 was just released. From ChangeLog: - Security: Windows binary distribution was using vulnerable OpenSSL library. - Bug fix: Fixed crash in PRNG seeding function, due to "cast to smaller type assertion failure due to overflow" when the bot is ran for the very first time and compiled in debug mode with OpenSSL using MSVC compiler, when there is no "openssl.rnd" file for seeding. Download: http://sourceforge.net/projects/voodoo-circle/files/VooDoo%20cIRCle/1.1.38/ https://sourceforge.net/projects/voodoo-circle/files/VooDoo%20cIRCle/1.1.38/ Please, see security advisory: http://voodoo-circle.sourceforge.net/sa/sa-20091112-01.html (this link is permanent/persistent) With best regards, Marian "VooDooMan" Meravy VooDoo cIRCle project . |