Hi OpenSSL release team, I'm just curious if there is a CVE missing inside the OpenSSL 0.9.8 Branch Release notes from last night. I came across commit fc4bd2f287582c5f51f9549727fd5a49e9fc3012 (CVE-2014-3511) that is not listed for the 0.9.8 branch in the security advisotry or the release notes.
Is CVE-2014-3511 "TLS protocol downgrade attack" also affecting the 0.9.8/1.0.0 branches? Kind regards, Alex~ -- Alexander Bergmann <[email protected]> Security Software Engineer SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg)
signature.asc
Description: Digital signature
