No, just do it. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz
> -----Original Message----- > From: Philip Bellino [mailto:pbell...@mrv.com] > Sent: Wednesday, June 29, 2016 3:00 PM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] CVE-2016-2177 > > Rich, > We have customers who are asking us to address this vulnerability as well as > CVE-2016-2178. > CVE-2016-2177 (s3_srvr.c, ssl_sess.c, t1_lib.c) > CVE-2016-2178 (dsa_ossl.c). > > Do you see any reason why we should not go ahead and add these changes > to our existing 1.0.2h code? > > Thanks, > Phil > > > > -----Original Message----- > From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of > Salz, Rich > Sent: Tuesday, June 28, 2016 11:23 AM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] CVE-2016-2177 > > >Will you be releasing 1.0.2i soon to address this issue? > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177 > > Please see https://www.openssl.org/blog/blog/2016/06/27/undefined- > pointer-arithmetic/ > > Short answer: this is a LOW issue, and does not justify a release by itself. > > -- > Senior Architect, Akamai Technologies > IM: richs...@jabber.at Twitter: RichSalz > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > [E-Banner]<http://www.mrv.com/products/os-v> > > > MRV Communications is a global supplier of packet and optical solutions that > power the world’s largest networks. Our products combine innovative > hardware with intelligent software to make networks smarter, faster and > more efficient. > > > The contents of this message, together with any attachments, are intended > only for the use of the person(s) to whom they are addressed and may > contain confidential and/or privileged information. If you are not the > intended recipient, immediately advise the sender, delete this message and > any attachments and note that any distribution, or copying of this message, > or any attachment, is prohibited. > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
