Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 16 Oct 2015 16:01:20 +0100
From: Stuart Henderson <sthen@...nbsd.org>
To: oss-security@...ts.openwall.com
Cc: Qualys Security Advisory <qsa@...lys.com>
Subject: Re: Qualys Security Advisory - LibreSSL
 (CVE-2015-5333 and CVE-2015-5334)

On 2015/10/16 12:06, Agostino Sarubbo wrote:
> On Thursday 15 October 2015 17:54:16 Qualys Security Advisory wrote:
> > We would like to thank the LibreSSL team for their great work and
> > their incredibly quick response,
> 
> Are these issues fixed upstream?
> If yes, is there a release which fixes the issues?

Yes, these releases were made:

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.6.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.8.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.4.tar.gz

> If there isn't a release, do we have the link of the commit/diff?

The fixes are spread over several commits, so the combined diff is
probably the easiest place to look:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ