Date: Fri, 16 Oct 2015 16:01:20 +0100 From: Stuart Henderson <sthen@...nbsd.org> To: oss-security@...ts.openwall.com Cc: Qualys Security Advisory <qsa@...lys.com> Subject: Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) On 2015/10/16 12:06, Agostino Sarubbo wrote: > On Thursday 15 October 2015 17:54:16 Qualys Security Advisory wrote: > > We would like to thank the LibreSSL team for their great work and > > their incredibly quick response, > > Are these issues fixed upstream? > If yes, is there a release which fixes the issues? Yes, these releases were made: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.6.tar.gz http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.8.tar.gz http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.4.tar.gz > If there isn't a release, do we have the link of the commit/diff? The fixes are spread over several commits, so the combined diff is probably the easiest place to look: http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.