On Tue, Jul 1, 2014 at 3:03 PM, Manjesh HS via RT <[email protected]> wrote:
> Hi, > My project is currently using OpenSSL-1.0.1g package and we are monitoring > the security vulenrabilities being reported to this package. I would like > to know the status of official fix for "CVE-2014-0198" bug. Is this fixed > in OpenSSL-1.0.1h version ? > > The below link does not list CVE-2014-0198, in the release notes of 1.0.1h > version: > https://www.openssl.org/news/openssl-1.0.1-notes.html > > But the below link lists CVE-2014-0198 that it is already fixed: > https://www.openssl.org/news/vulnerabilities.html > > The above page clearly says: Fixed in OpenSSL 1.0.1h (Affected 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) What part of this is not clear?
