[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 16 Oct 2015 16:01:20 +0100
From: Stuart Henderson <sthen@...nbsd.org>
To: oss-security@...ts.openwall.com
Cc: Qualys Security Advisory <qsa@...lys.com>
Subject: Re: Qualys Security Advisory - LibreSSL
(CVE-2015-5333 and CVE-2015-5334)
On 2015/10/16 12:06, Agostino Sarubbo wrote:
> On Thursday 15 October 2015 17:54:16 Qualys Security Advisory wrote:
> > We would like to thank the LibreSSL team for their great work and
> > their incredibly quick response,
>
> Are these issues fixed upstream?
> If yes, is there a release which fixes the issues?
Yes, these releases were made:
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.6.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.8.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.4.tar.gz
> If there isn't a release, do we have the link of the commit/diff?
The fixes are spread over several commits, so the combined diff is
probably the easiest place to look:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
