On 21/05/2019 16:43, Matt Caswell wrote: > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s. > > These releases will be made available on 28th May 2019 between approximately > 1200-1600 UTC. > > OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not > address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the > equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).
Correction to this announcement: OpenSSL 1.1.1c and OpenSSL 1.1.0k (released yesterday) do not address any new CVEs. They do however contain a fix for a previously announced low severity CVE (CVE-2019-1543). See the original security advisory here: https://www.openssl.org/news/secadv/20190306.txt Matt
Description: OpenPGP digital signature