Also, I apologize if I'm missing something, but the release notes state: "Fix 
for TLS record tampering bug CVE-2013-4353." I can't find any mention of that 
CVE anywhere. The linked OpenSSL vulnerabilities list doesn't include it and 
neither does NVD 

Patrick Watson, CISSP
Software Engineer
Data Security & Electronic Payment Systems
NCR Retail

-----Original Message-----
From: [] On 
Behalf Of Dr. Stephen Henson
Sent: Monday, January 06, 2014 10:41 AM
Subject: Re: OpenSSL version 1.0.1f released

On Mon, Jan 06, 2014, Daniel Kahn Gillmor wrote:

> On 01/06/2014 09:49 AM, OpenSSL wrote:
> >    OpenSSL version 1.0.1f released
> >    ===============================
>  [...]
> >    The OpenSSL project team is pleased to announce the release of
> >    version 1.0.1f of our open source toolkit for SSL/TLS. For details
> >    of changes and known issues see the release notes at:
> > 
> >
> Looking at the source on github, i see that Nick Mathewson's 
> no_gmt_unix_time branch was also merged between 1.0.1e and 1.0.1f, but 
> it is not mentioned in the release notes.

Updated now.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: 
OpenSSL Project                       
Development Mailing List             
Automated List Manager                 
OpenSSL Project                       
Development Mailing List             
Automated List Manager                 

Reply via email to