Tcl Dev Kit and CVE-2015-1793

Posted by grahams on 2015-07-09 10:33
OS: All / Any | Product: Tcl Dev Kit | tags: CVE openssl tcl tclapp tls
Question: 

Is the Tcl Dev Kit affected by CVE-2015-1793?

Answer: 

No releases of the Tcl Dev Kit are affected.

However, if you wrapped a product using the tls module, versions 1.6.6, 1.6.6.1, or 1.6.7, your wrapped product is affected.

Mitigation:
Tls version 1.6.8 will be published to the TEApot soon, with a new version of the OpenSSL library. Upgrade the tls module in your Tcl to version 1.6.8, or fall back to 1.6.5. Then re-wrap your product to make a new version.