Also, the release notes list:

Fix for TLS record tampering bug CVE-2013-4353
But the list of OpenSSL vulnerabilities linked from there does not mention this 

Erik Tkal

uʍop ǝpısdn ǝɹɐ noʎ sıɥʇ pɐǝɹ uɐɔ noʎ ɟı

On 06 Jan 2014, at 10:27 AM, Daniel Kahn Gillmor <> wrote:

> On 01/06/2014 09:49 AM, OpenSSL wrote:
>>   OpenSSL version 1.0.1f released
>>   ===============================
> [...]
>>   The OpenSSL project team is pleased to announce the release of
>>   version 1.0.1f of our open source toolkit for SSL/TLS. For details
>>   of changes and known issues see the release notes at:
> Looking at the source on github, i see that Nick Mathewson's
> no_gmt_unix_time branch was also merged between 1.0.1e and 1.0.1f, but
> it is not mentioned in the release notes.

Reply via email to