
Will there be a security update of stunnel to address vulnerabilities outlined in CVE-2009-0590, CVE-2009-0591, and CVE-2009-0789? Alternatively, will stunnel use updated OpenSSL libraries on the host? It appears that this is true on Fedora RPM packages. For example:

ldd stunnel:
------------
libssl.so.7 => /lib64/libssl.so.7 (0x0000000006a3c000)
libcrypto.so.7 => /lib64/libcrypto.so.7 (0x0000000007954000)
------------

rpm -q --requires stunnel
-----------------------------------------
...
libcrypto.so.7
...
libssl.so.7
...
-----------------------------------------

rpm -ql openssl | egrep 'libcrypto.so.7|libssl.so.7'
-----------------------------------------
/lib/libcrypto.so.7
/lib/libssl.so.7
-----------------------------------------

However, I don't know how to determine whether the same dependency works with Win32 DLLs. For example, could we install "Win32 OpenSSL v0.9.8k Light" from the below link to resolve the vulnerabilities?

http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8k.exe

The description says that it "Installs the most commonly used essentials of Win32 OpenSSL v0.9.8k" but it doesn't say exactly what.

Thanks for any insights or suggestions.

Cal Webster
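
The Linux check from the message above, as an added example that is not part of the original post: a shell function that reads `ldd` output and reports which OpenSSL shared libraries a binary resolves at run time. The function names and the sample inputs are constructed for illustration.

```shell
# Added example: decide from `ldd` output whether a binary takes its OpenSSL
# code from shared libraries on the host (so a patched openssl package
# reaches it after a restart) or not.
#
# Reads ldd output on stdin and prints "soname path" for each OpenSSL library.
# Exit status: 0 = dynamically linked against libssl/libcrypto,
#              1 = neither found (statically linked, or OpenSSL is not used).
openssl_deps() {
    awk '
        # ldd lines look like: libssl.so.7 => /lib64/libssl.so.7 (0x...)
        # An unresolved library looks like: libssl.so.7 => not found
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 == "not") print $1, "MISSING"
            else             print $1, $3
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample input: the two ldd lines quoted in the post.
sample_dynamic() {
    cat <<'EOF'
	libssl.so.7 => /lib64/libssl.so.7 (0x0000000006a3c000)
	libcrypto.so.7 => /lib64/libcrypto.so.7 (0x0000000007954000)
EOF
}

# Constructed sample input: what ldd prints for a statically linked binary.
sample_static() {
    printf '\tnot a dynamic executable\n'
}

# Typical use on a live system (not run here):
#   ldd "$(command -v stunnel)" | openssl_deps
# Each printed path can then be passed to `rpm -qf` to find the owning package.
```

An exit status of 1 means updating the host's OpenSSL package will not change the code the binary runs; it would need to be rebuilt or replaced.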