Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Mar 2015 03:16:56 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases

On Tue, Mar 17, 2015 at 03:00:05AM +0300, Solar Designer wrote:
> I think the limited public info on this should be in here ASAP, hence
> the forward.  Another bit of public info so far is, off Twitter:
> 
> <@...ardiz> @joshbressers @hanno @iamamoose Maybe the posting could be worded better, if the "high" severity vuln affects only some of the versions.
> <@...amoose> @solardiz @joshbressers @hanno right, the new High is 1.0.2 only, other versions new issues just Moderate and Low

I think I need to clarify: @iamamoose is Mark J. Cox of OpenSSL core team:

TTYtter> /whois iamamoose

Mark J Cox (iamamoose) (f:171/498) (u:713) 
"product security guy (Red Hat, OpenSSL, ASF), hardware hacker"

http://openssl.org/about/

So this tweet about the "high" severity issue being 1.0.2 only is
authoritative.

> ----- Forwarded message from Matt Caswell <matt@...nssl.org> -----
> 
> Date: Mon, 16 Mar 2015 19:05:31 +0000
> From: Matt Caswell <matt@...nssl.org>
> To: openssl-announce@...nssl.org, openssl-users@...nssl.org, 
>  openssl-dev@...nssl.org
> Subject: [openssl-announce] Forthcoming OpenSSL releases
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Forthcoming OpenSSL releases
> ============================
> 
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
> 
> These releases will be made available on 19th March. They will fix a
> number of security defects. The highest severity defect fixed by these
> releases is classified as "high" severity.
> 
> Yours
> 
> The OpenSSL Project Team
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQEcBAEBAgAGBQJVByl7AAoJENnE0m0OYESRm5MIAJV4ElRSS575QkYwPcOw7VTK
> 8Ulc6TMHsy2s5UvTXl/THqEoy5n92v99Cm69Y69TSWOgK9FK8aV0BuKkVZVYp3Ko
> MYV4VMr8a7YiNh/16HctRLfEPH8bg5AkY76Y4RM5i1AXafSR6wMuwlJl21TmqMI+
> J+HA39UvlWZ9zI7Lzz0v1BMoGAXg0cr8//QRcrFFgZZuUVtscwRRA9nRS65+AJhX
> ogd3ncUPUI3YEzxqv0kDfUre/2XeUNOM+N+u9pyfjoXHaMVsSX3A1HtpmEAMyzhE
> DqF+kmhTEyK0HYCVLnl6PLnBdHpPKY3qNFYd8trFyC2hpB9U6Qsut4KeKNtAi2g=
> =Uwpw
> -----END PGP SIGNATURE-----
> _______________________________________________
> openssl-announce mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce
> 
> ----- End forwarded message -----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ