On 17/12/16 01:59, Peter Djalaliev (CS) wrote: > Hello, > > > > Will commit > > > > Don't allow too many consecutive warning alerts > > > > author Matt Caswell <m...@openssl.org> > > Wed, 21 Sep 2016 08:07:31 -0500 (14:07 +0100) > > committer Matt Caswell <m...@openssl.org> > > Wed, 21 Sep 2016 14:17:04 -0500 (20:17 +0100) > > commit af58be768ebb690f78530f796e92b8ae5c9a4401 > > tree 087701bd731382d1933438bcd73cb7029264e16b > > parent 7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646 > > > > be backported to 1.0.1? This has been assigned CVE-2016-8610. I > understand that OpenSSL 1.0.1 is going EOL on Dec 31.
I've been asked this a few times. CVE-2016-8610 was not issued by the OpenSSL Project and is not recognised as a security issue by us (it does not appear in any OpenSSL Security Advisory). The referenced commit is viewed as a bug fix and for that reason will not be backported to 1.0.1 (the 1.0.1 series only receives security fixes). Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev