Also, I apologize if I'm missing something, but the release notes state: "Fix 
for TLS record tampering bug CVE-2013-4353." I can't find any mention of that 
CVE anywhere. The linked OpenSSL vulnerabilities list doesn't include it and 
neither does NVD 
(http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353). 

Patrick Watson, CISSP
Software Engineer
Data Security & Electronic Payment Systems
NCR Retail


-----Original Message-----
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On 
Behalf Of Dr. Stephen Henson
Sent: Monday, January 06, 2014 10:41 AM
To: openssl-dev@openssl.org
Subject: Re: OpenSSL version 1.0.1f released

On Mon, Jan 06, 2014, Daniel Kahn Gillmor wrote:

> On 01/06/2014 09:49 AM, OpenSSL wrote:
> 
> >    OpenSSL version 1.0.1f released
> >    ===============================
>  [...]
> >    The OpenSSL project team is pleased to announce the release of
> >    version 1.0.1f of our open source toolkit for SSL/TLS. For details
> >    of changes and known issues see the release notes at:
> > 
> >         http://www.openssl.org/news/openssl-1.0.1-notes.html
> 
> Looking at the source on github, i see that Nick Mathewson's 
> no_gmt_unix_time branch was also merged between 1.0.1e and 1.0.1f, but 
> it is not mentioned in the release notes.
>

Updated now.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to