-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/03/15 19:05, Matt Caswell wrote:
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
These releases
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
These releases will be made available on 19th March. They will
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.0g and 1.0.2m.
These releases will be made available on 2nd November 2017 between
approximately 1300-1700 UTC.
This is a bug-fix release. It
On 30/10/17 13:50, Matt Caswell wrote:
> Forthcoming OpenSSL releases
>
>
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.0g and 1.0.2m.
>
> These releases will be made available on 2nd
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.0i and 1.0.2p.
These releases will be made available on 14th August 2018 between
approximately 1200-1600 UTC.
These are bug-fix releases.
OpenSSL Security Advisory [12 November 2018]
Microarchitecture timing vulnerability in ECC scalar multiplication
(CVE-2018-5407)
===
Severity: Low
OpenSSL ECC scalar
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1a, 1.1.0j and 1.0.2q.
These releases will be made available on 20th November 2018 between
approximately 1300-1700 UTC.
These are bug-fix releases. They also contain the fixes for three LOW
severity
Please see the following blog post about OpenSSL Versioning and License:
https://www.openssl.org/blog/blog/2018/11/28/version/
Matt
--
openssl-announce mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
--
openssl-announce mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1b and 1.0.2r. There will be no new 1.1.0 release at
this time.
These releases will be made available on 26th February 2019 between
approximately 1300-1700 UTC.
OpenSSL 1.0.2r is a security-fix
On 21/05/2019 16:43, Matt Caswell wrote:
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.
>
> These releases will be made available on 28th May 2019 between approximately
> 1200-1600 UTC.
>
> Open
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.
These releases will be made available on 28th May 2019 between approximately
1200-1600 UTC.
OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not
On 03/09/2019 17:19, Matt Caswell wrote:
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t.
>
> These releases will be made available on 10th September 2019 between
> approximately 1200-1600 UTC.
>
> T
Please take a look at my blog post that gives an update on OpenSSL 3.0
development, FIPS and 1.0.2 EOL:
https://www.openssl.org/blog/blog/2019/11/07/3.0-update/
Matt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.0.2u
This release will be made available on Friday 20th December 2019 between
1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1e.
This release will be made available on Tuesday 17th March 2020 between
1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551
previously announced here:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1f.
This release will be made available on Tuesday 31st March 2020 between
1200-1600 UTC. This is a bug fix only release.
Yours
The OpenSSL Project
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1g.
This release will be made available on Tuesday 21st April 2020 between
1300-1700 UTC.
OpenSSL 1.1.g is a security-fix release. The highest severity
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The OpenSSL Management Committee are looking to hire a full time
Administrator and Manager. Details of the role can be found here:
https://www.openssl.org/blog/blog/2020/09/05/OpenSSL.ProjectAdminRole/
To apply please send your cover letter and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0 beta 1 released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 3.0 is currently in beta.
OpenSSL 3.0 beta 1 has now been made available.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1j.
This release will be made available on Tuesday 16th February 2021
between 1300-1700 UTC.
OpenSSL 1.1.1j is a security-fix release. The highest
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1k.
This release will be made available on Thursday 25th March 2021
between 1300-1700 UTC.
OpenSSL 1.1.1k is a security-fix release. The highest severity issue
fixed in this release is HIGH:
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1l.
This release will be made available on Tuesday 24th August 2021
between 1200-1600 UTC.
OpenSSL 1.1.1l is a security-fix release. The highest severity issue
fixed in this release is HIGH:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1l released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1l of our open
essed before the final release.
This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix
was developed by Matt Caswell.
Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
=
Severity: Moderate
ASN.1 stri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0 beta 2 released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 3.0 is currently in beta.
OpenSSL 3.0 beta 2 has now been made available.
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.1.1m and 3.0.1.
These releases will be made available on Tuesday 14th December 2021
between 1300-1700 UTC.
OpenSSL 3.0.1 is a security and bug fix release. The highest severity
issue fixed in this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.1 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.1 of our open source
. Users of this version
should upgrade to OpenSSL 3.0.1.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
This issue was reported to OpenSSL on 29th November 2021 by Tobias Nießen. The
fix was developed by Matt Caswell and Tobias Nießen.
Note
OpenSSL 1.0.2 is out of support
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.2 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.2 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1n released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1n of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [15 March 2022]
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(CVE-2022-0778)
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.2 and 1.1.1n.
These releases will be made available on Tuesday 15th March 2022
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue
fixed in these releases is HIGH:
OpenSSL 3.0 has recently been designated as a Long Term Support (LTS)
release. This means that it will now be supported until 7th September
2026 (5 years after its initial release).
Our previous LTS release (1.1.1) will continue to be supported until
11th September 2023.
We encourage all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28 January 2022]
===
BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
Severity: Moderate
There is
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1w.
This release will be made available on Monday 11th September 2023
between 1300-1700 UTC.
This will be the final public release in the 1.1.1 series [1]. Ongoing
access to security fixes is
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.1.3 and 3.0.11.
These releases will be made available on Tuesday 19th September 2023
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue fixed in
each of these two
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.1.4 and 3.0.12.
These releases will be made available on Tuesday 24th October 2023
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue fixed in
each of these two releases is
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.
These releases will be made available on Tuesday 26th April 2022
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue
fixed in these releases is MODERATE:
:
https://www.openssl.org/policies/secpolicy.html#moderate
Yours
The OpenSSL Project Team
On 19/04/2022 20:51, Matt Caswell wrote:
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.
These releases will be made available on Tuesday 26th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [21 June 2022]
The c_rehash script allows command injection (CVE-2022-2068)
Severity: Moderate
In addition to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1p released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1p of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.4 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.4 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1o released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1o of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.3 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.3 of our open source
s issue was reported to OpenSSL on the 6th April 2022 by Raul Metsma. The fix
was developed by Matt Caswell from OpenSSL.
Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
=
Severity: Low
The OpenSSL 3.0 implement
Hello,
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.6 and 1.1.1r.
These releases will be made available on Tuesday 11th October 2022
between 1300-1700 UTC.
OpenSSL 3.0.6 is a security-fix release. The highest severity issue
fixed in OpenSSL
We have received a report of a significant regression in the latest
3.0.6 and 1.1.1r versions. The regression is not thought to have
security consequences. While the regression is further investigated we
have taken the decision to withdraw the 3.0.6 and 1.1.1r versions and
instead recommend that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1r released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1r of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.6 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.6 of our open source
Supercomputing Center. The fix was developed by Matt Caswell.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20221011.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity
Please see the new blog post here:
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
OpenPGP_0xD9C4D26D0E604491.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Hello,
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 3.0.8, 1.1.1t and 1.0.2zg. Note that OpenSSL 1.0.2
is End Of Life and so 1.0.2zg will be available to premium support
customers only.
These releases will be made available on Tuesday 7th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.1.0 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.1.0 of our open source
Please see our blog post about the forthcoming End Of Life of OpenSSL
1.1.1 on 11th September 2023:
https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
Kind Regards
Matt
OpenPGP_0xD9C4D26D0E604491.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital
To clarify, OpenSSL version 3.1.1 will also be released on Tuesday 30th
May 2023, and is also a security-fix release with the highest severity
issue being Moderate.
Regards
Matt
On 24/05/2023 05:06, Tomas Mraz wrote:
The OpenSSL project team would like to announce the forthcoming release
of
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 3.1.2, 3.0.10 and 1.1.1v.
These releases will be made available on Tuesday 1st August 2023 between
1300-1700 UTC.
These are security-fix releases. The highest severity issue fixed in
each of these
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [31st July 2023]
==
Excessive time spent checking DH q parameter value (CVE-2023-3817)
==
Severity: Low
Issue
repository. It is available to premium support customers in commit
x (for 1.1.1) and in commit
x (for 1.0.2).
This issue was reported on 23rd November 2023 by Bahaa Naamneh (Crosspoint
Labs). The fix was developed by Matt Caswell.
General Advisory Notes
==
URL for this Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.2.1 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.2.1 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.1.5 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.1.5 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.13 released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.13 of our open
c88c3de510 (for 3.2), commit 704f725b96 (for 3.1) and commit b3f0eb0a29
(for 3.0) in the OpenSSL git repository. It is available to premium support
customers in commit f7a045f314 (for 1.1.1).
This issue was reported on 10th April 2024 by William Ahern (Akamai). The fix
was developed by Matt Caswell
63 matches
Mail list logo
