Hi, My project is currently using OpenSSL-1.0.1g package and we are monitoring the security vulenrabilities being reported to this package. I would like to know the status of official fix for "CVE-2014-0198" bug. Is this fixed in OpenSSL-1.0.1h version ?
The below link does not list CVE-2014-0198, in the release notes of 1.0.1h version: https://www.openssl.org/news/openssl-1.0.1-notes.html But the below link lists CVE-2014-0198 that it is already fixed: https://www.openssl.org/news/vulnerabilities.html Please do clarify whether 1.0.1h version contains the fix for CVE-2014-0198 or not. Thanks in advance. Regards, Manjesh. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
