Date: Tue, 17 Mar 2015 03:16:56 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases On Tue, Mar 17, 2015 at 03:00:05AM +0300, Solar Designer wrote: > I think the limited public info on this should be in here ASAP, hence > the forward. Another bit of public info so far is, off Twitter: > > <@solardiz> @joshbressers @hanno @iamamoose Maybe the posting could be worded better, if the "high" severity vuln affects only some of the versions. > <@iamamoose> @solardiz @joshbressers @hanno right, the new High is 1.0.2 only, other versions new issues just Moderate and Low I think I need to clarify: @iamamoose is Mark J. Cox of OpenSSL core team: TTYtter> /whois iamamoose Mark J Cox (iamamoose) (f:171/498) (u:713) "product security guy (Red Hat, OpenSSL, ASF), hardware hacker" http://openssl.org/about/ So this tweet about the "high" severity issue being 1.0.2 only is authoritative. > ----- Forwarded message from Matt Caswell <matt@...nssl.org> ----- > > Date: Mon, 16 Mar 2015 19:05:31 +0000 > From: Matt Caswell <matt@...nssl.org> > To: openssl-announce@...nssl.org, openssl-users@...nssl.org, > openssl-dev@...nssl.org > Subject: [openssl-announce] Forthcoming OpenSSL releases > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Forthcoming OpenSSL releases > ============================ > > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. > > These releases will be made available on 19th March. They will fix a > number of security defects. The highest severity defect fixed by these > releases is classified as "high" severity. > > Yours > > The OpenSSL Project Team > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEcBAEBAgAGBQJVByl7AAoJENnE0m0OYESRm5MIAJV4ElRSS575QkYwPcOw7VTK > 8Ulc6TMHsy2s5UvTXl/THqEoy5n92v99Cm69Y69TSWOgK9FK8aV0BuKkVZVYp3Ko > MYV4VMr8a7YiNh/16HctRLfEPH8bg5AkY76Y4RM5i1AXafSR6wMuwlJl21TmqMI+ > J+HA39UvlWZ9zI7Lzz0v1BMoGAXg0cr8//QRcrFFgZZuUVtscwRRA9nRS65+AJhX > ogd3ncUPUI3YEzxqv0kDfUre/2XeUNOM+N+u9pyfjoXHaMVsSX3A1HtpmEAMyzhE > DqF+kmhTEyK0HYCVLnl6PLnBdHpPKY3qNFYd8trFyC2hpB9U6Qsut4KeKNtAi2g= > =Uwpw > -----END PGP SIGNATURE----- > _______________________________________________ > openssl-announce mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce > > ----- End forwarded message -----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ