On Thu, Mar 18, 2004 at 11:17:27PM +0300, Andrew L. Neporada wrote: > Is it true that (dynamic) binaries are vulnerable if and only if they are > linked with libssl.so.3, not with libcrypt or libcrypto? Yes, the bug is in libssl. Cheers, -- Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org