Ice 3.5 support and latest OpenSSL vulnerability

in Help Center
With the release of Ice 3.6, I just wanted to clarify what the status of Ice 3.5 was with regard to fixing recent OpenSSL vulnerabilities. Were you planning on making a new ThirdPartySources with the updated OpenSSL and rebuilding the binaries, or is this now abandoned in favour of Ice 3.6?
Kind regards,
Roger
Kind regards,
Roger
0
Comments
Yes, we plan to provide updated OpenSSL 1.0.1 binaries for Windows from time to time, as part of refreshed Ice 3.5.1 binary distributions for Windows.
The timing depends on the bugs fixed in the OpenSSL 1.0.1 releases. The latest binaries we distribute are for OpenSSL 1.0.1m, and the bugs fixed between 1.0.1m and the latest release (1.0.1p) are not critical for Ice applications. In particular, the latest CVE (CVE-2015-1793: 9th July 2015) fixed bugs in 1.0.1n and 1.0.1o, not 1.0.1m.
Best regards,
Bernard
Many thanks for confirming this.