On 16/08/16 09:50, Sandeep Umesh wrote:
> Hi
> 
> Has this been officially published in OpenSSL? Haven't seen a security
> advisory for the same.
> 

No. This is a low severity issue. As per our security policy we push
fixes for these to our repo as soon as we have them. They are then
rolled up in the next official release whenever that happens to be:

https://www.openssl.org/policies/secpolicy.html

For a discussion on this specific issue, see:

https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

Matt



> Regards
> Sandeep
> 
> 
> 
> From: "Salz, Rich" <rs...@akamai.com>
> To: "openssl-users@openssl.org" <openssl-users@openssl.org>
> Date: 08/13/2016 12:51 AM
> Subject: Re: [openssl-users] CVE-2016-2177
> Sent by: "openssl-users" <openssl-users-boun...@openssl.org>
> 
> ------------------------------------------------------------------------
> 
> 
> 
> Commit 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 in 1.0.1
> 
> -- 
> Senior Architect, Akamai Technologies
> IM: richs...@jabber.at Twitter: RichSalz
> 
> *From:* Scott Neugroschl [mailto:scot...@xypro.com]
> *Sent:* Friday, August 12, 2016 3:11 PM
> *To:* openssl-users@openssl.org
> *Subject:* [openssl-users] CVE-2016-2177
> 
> CVE 2016-2177 notes that it applies to all versions up to 1.0.2h. Does
> this mean that the fix is not applied to the 1.0.1 series (in particular
> 1.0.1t)?
> 
> 
> ---
> Scott Neugroschl | XYPRO Technology Corporation
> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
> 583-2874|Fax 805 583-0124 |
> 
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> 
> 
> 