Date: Fri, 16 Oct 2015 16:01:20 +0100 From: Stuart Henderson <sthen@...nbsd.org> To: oss-security@...ts.openwall.com Cc: Qualys Security Advisory <qsa@...lys.com> Subject: Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) On 2015/10/16 12:06, Agostino Sarubbo wrote: > On Thursday 15 October 2015 17:54:16 Qualys Security Advisory wrote: > > We would like to thank the LibreSSL team for their great work and > > their incredibly quick response, > > Are these issues fixed upstream? > If yes, is there a release which fixes the issues? Yes, these releases were made: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.6.tar.gz http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.8.tar.gz http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.4.tar.gz > If there isn't a release, do we have the link of the commit/diff? The fixes are spread over several commits, so the combined diff is probably the easiest place to look: http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ