Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Mar 2015 03:16:56 +0300
From: Solar Designer <>
Subject: Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases

On Tue, Mar 17, 2015 at 03:00:05AM +0300, Solar Designer wrote:
> I think the limited public info on this should be in here ASAP, hence
> the forward.  Another bit of public info so far is, off Twitter:
> <@solardiz> @joshbressers @hanno @iamamoose Maybe the posting could be worded better, if the "high" severity vuln affects only some of the versions.
> <@iamamoose> @solardiz @joshbressers @hanno right, the new High is 1.0.2 only, other versions new issues just Moderate and Low

I think I need to clarify: @iamamoose is Mark J. Cox of OpenSSL core team:

TTYtter> /whois iamamoose

Mark J Cox (iamamoose) (f:171/498) (u:713) 
"product security guy (Red Hat, OpenSSL, ASF), hardware hacker"

So this tweet about the "high" severity issue being 1.0.2 only is

> ----- Forwarded message from Matt Caswell <> -----
> Date: Mon, 16 Mar 2015 19:05:31 +0000
> From: Matt Caswell <>
> To:,, 
> Subject: [openssl-announce] Forthcoming OpenSSL releases
> Hash: SHA1
> Forthcoming OpenSSL releases
> ============================
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
> These releases will be made available on 19th March. They will fix a
> number of security defects. The highest severity defect fixed by these
> releases is classified as "high" severity.
> Yours
> The OpenSSL Project Team
> Version: GnuPG v1
> 8Ulc6TMHsy2s5UvTXl/THqEoy5n92v99Cm69Y69TSWOgK9FK8aV0BuKkVZVYp3Ko
> MYV4VMr8a7YiNh/16HctRLfEPH8bg5AkY76Y4RM5i1AXafSR6wMuwlJl21TmqMI+
> J+HA39UvlWZ9zI7Lzz0v1BMoGAXg0cr8//QRcrFFgZZuUVtscwRRA9nRS65+AJhX
> ogd3ncUPUI3YEzxqv0kDfUre/2XeUNOM+N+u9pyfjoXHaMVsSX3A1HtpmEAMyzhE
> DqF+kmhTEyK0HYCVLnl6PLnBdHpPKY3qNFYd8trFyC2hpB9U6Qsut4KeKNtAi2g=
> =Uwpw
> _______________________________________________
> openssl-announce mailing list
> To unsubscribe:
> ----- End forwarded message -----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ