An OpenSource VooDoo cIRCle - security advisory 20090326-01

Persistent URL of this advisory is available at


In Win32/64 binary releases there are vulnerable OpenSSL DLL files. All users ar encouraged to upgrade to the latest version.


See vendor's advisory at
All versions prior to 1.1.36 are affected by these security vulnerabilities. VooDoo cIRCle 1.1.36 binary relases for Win32/64 are not affected by these known security vulnerabilities. Versions using older OpenSSL library, though on any platform, or custom builds, are vulnerable, that is, either all binary-distributed versions of VooDoo cIRCle prior to 1.1.36, or those linked against OpenSSL library version prior to 0.9.8k are vulnerable by these vulnerabilities.


There is no known workaround at this time.


Update to the latest version, VooDoo cIRCle 1.1.36, which is not vulnerable.

Time line

2009-03-25 - Received notification from that the same day OpenSSL vendor released new version of OpenSSL library 0.9.8k, which is not vulnerable by known vulnerabilities.
2009-03-26 - Release of VooDoo cIRCle 1.1.36 .
2009-03-26 - VooDoo cIRCle vendor security advisory: public disclosure: this security advisory.


2009-03-26 - Initial revision
2009-03-26 - Fixed HTML formatting error

Legal notice

Some names used in this document may be registered trademarks of their respective owners.

Get VooDoo cIRCle at Fast, secure and Free Open Source software downloads