[Voodoo-circle-security] Vulnerability report: VooDoo cIRCle 1.1.38 released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Greetings,

VooDoo cIRCle version 1.1.38 was just released.

From ChangeLog:

- Security: Windows binary distribution was using vulnerable OpenSSL
library.

- Bug fix: Fixed crash in PRNG seeding function, due to "cast to smaller
type assertion failure due to overflow" when the bot is ran for the very
first time and compiled in debug mode with OpenSSL using MSVC compiler,
when there is no "openssl.rnd" file for seeding.

Download:
http://sourceforge.net/projects/voodoo-circle/files/VooDoo%20cIRCle/1.1.38/
https://sourceforge.net/projects/voodoo-circle/files/VooDoo%20cIRCle/1.1.38/

Please, see security advisory:

http://voodoo-circle.sourceforge.net/sa/sa-20091112-01.html
(this link is permanent/persistent)

With best regards,
Marian "VooDooMan" Meravy
VooDoo cIRCle project
.