Forthcoming OpenSSL release
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1l. This release will be made available on Tuesday 24th August 2021 between 1200-1600 UTC. OpenSSL 1.1.1l is a security-fix release. The highest severity issue fixed in this release is HIGH: https://www.openssl.org/policies/secpolicy.html#high Note that due to this also affecting OpenSSL 3.0 beta releases, OpenSSL 3.0 final will not be occurring this week. Yours The OpenSSL Project Team OpenPGP_signature Description: OpenPGP digital signature
Forthcoming OpenSSL release
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1k. This release will be made available on Thursday 25th March 2021 between 1300-1700 UTC. OpenSSL 1.1.1k is a security-fix release. The highest severity issue fixed in this release is HIGH: https://www.openssl.org/policies/secpolicy.html#high Yours The OpenSSL Project Team
Forthcoming OpenSSL Release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1j. This release will be made available on Tuesday 16th February 2021 between 1300-1700 UTC. OpenSSL 1.1.1j is a security-fix release. The highest severity issue fixed in this release is MODERATE: https://www.openssl.org/policies/secpolicy.html#moderate Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAix4IACgkQ2cTSbQ5g RJEObwgAkM5/Nx3KjqX1Uj69C6b+8Cxx2ijdfei4wQjkVhLqZLteZpKDE0QBAHsV wGc3cwv1AyPnNfgWvfUwj0k5mRr67fYkz+iAJiNisLc40k0+xPd9F2F804TvKQh2 6HPRY2+AEpQD6nuxJejIOBZruDbFaXRzh1rloQggE9tqUoLslQbYhkrR6BRiePqN zQarux5yBZDfkQzkaYTDqFH5M6RLrb3w5hlJiJ4uJ1lLz4FNyeUtADofluiIrJuj zDRZxocOVoyUt2wIZZ+2xhMY894hlilwnBE+fXvWu5d4HakdZkHe4p+HFvP/O0IY AGn/qXIQfYGt9jH93jCPFdrgO/jvWA== =ZcL6 -END PGP SIGNATURE-
Fwd: Forthcoming OpenSSL Release
FYI Forwarded Message Subject: Forthcoming OpenSSL Release Date: Tue, 1 Dec 2020 04:15:51 -0600 From: Paul Nelson Reply-To: openssl-users@openssl.org To: openssl-annou...@openssl.org The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1i. This release will be made available on Tuesday 8th December 2020 between 1300-1700 UTC. OpenSSL 1.1.i is a security-fix release. The highest severity issue fixed in this release is HIGH: https://www.openssl.org/policies/secpolicy.html#high Yours The OpenSSL Project Team
Forthcoming OpenSSL Release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1h. This release will be made available on Tuesday 22nd September 2020 between 1300-1700 UTC. OpenSSL 1.1.h is a bug-fix release. There are no CVEs addressed in this release. Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl9hObYACgkQ2cTSbQ5g RJGmDAf+IPnGTpXB6XpHpuvlWWE6v0aTEOHntLgeYbqp9v3/5ay4i0qwFZk2M4Sn 9J5C/057OqqLVMq0UyXXAwhyS52KIR6VfcJKTCc/2NkgPHhee+/W5Q8SgGpXMnOP 60EIrHD5cfkestIO9fvrCHZ19RFFWlFQJnPmc64nLYyhQJ83a/AKGoug459oaxm7 lj90Rd+U4oQvEJyltsA5Urv/IAjQV24EYej1pCLb4zqerW4rLYnoATBrurclWVOa 5AXZgzuhNvtMV3/nVB7aFpfQIsg2FUaTnRW3ok+7e72oiXHndgxYW6TP0GxGOMdu RDB1ZlWWwt7LzYz8BlWTex+s23SNZA== =wNcz -END PGP SIGNATURE-
Forthcoming OpenSSL Release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g. This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC. OpenSSL 1.1.g is a security-fix release. The highest severity issue fixed in this release is HIGH: https://www.openssl.org/policies/secpolicy.html#high Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6VuVwACgkQ2cTSbQ5g RJEGGwgAnvbo6LVTEz8PdAOoKPgHiz1ObbB8M/fNANk1Oog1w6CF7a8JPEuB/LlQ ZS0/31x+69xE+GzD4kPBglG6IVnt7F1mlXSc1YEh5c5zs2T5w5Gak5AIzJNZqEFK EmplFS8eZCpKJZc+0YKgMisF4Q+VbRjI+KVtYQKBn3sHRNH04z4Ti6jlS14R4pQd PCB4ftXS/LnISkrxL1uVf1seY+5SpmQjk3FR8ZgrR3vuYAyLcD7aeQNKf+unsS4W u8VnDmqONHa2JfHjsr5PezLZfWa3YTvK352gamyq5sn6y2ciTcI+fABeSD4OYjvQ I6t4kQrzfCdMrBNY8G2D5NYOi5cOKQ== =5CII -END PGP SIGNATURE-
Forthcoming OpenSSL Release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1f. This release will be made available on Tuesday 31st March 2020 between 1200-1600 UTC. This is a bug fix only release. Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl5/MPUACgkQ2cTSbQ5g RJGnaggAjtB2r56ufZaOUAy7/stpy+Cj7R4Jq+RZb8Ja6c9hU9FwHx5/eESxs1lC XQKr5RGcPZbIvgoDaFCBVXBswl6Ivhde/MuWLoeoag+sl4TBztx/Aash6YAT78ij h/NvRcYDn2mcBrclxJckh9sags5ei13d+GWug349X8d7dVdfHooFTBgq0Th4ehfZ UBaNgQTnqnd/8PD2paGkQtHOr8Qr2TTPH6HyQ5Vlea+x0AzjnAbWjbr/wvu0yuFE 2RqE6RnVy65M+Nx1wIXh1ZJT0EfyN4lqRFYuTWViJVPfPDT61UkIKSbxzRtVWEl8 Pu4T2r9cKHl8kFnuA0kqc0/5/jG2EQ== =KWO3 -END PGP SIGNATURE-
Re: Forthcoming OpenSSL release
On 11/03/2020 17:42, Sam Roberts wrote: > Will it include ONLY the CVE fix, or will it include other fixes, such > as to the getrandom() call on some archs? It will include all fixes currently in the 1.1.1-dev branch including commit eee565ec4 which is the 1.1.1 equivalent of the commit you mention. Matt > > commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 > Author: Kurt Roeckx > Date: Sat Sep 28 14:59:32 2019 +0200 > > Add defines for __NR_getrandom for all Linux architectures > > Fixes: https://github.com/openssl/openssl/issues/10015 > > Reviewed-by: Bernd Edlinger > GH: https://github.com/openssl/openssl/pull/10044 > > See https://github.com/nodejs/node/pull/32002 for background. > > On Wed, Mar 11, 2020 at 8:53 AM Matt Caswell wrote: >> >> The OpenSSL project team would like to announce the forthcoming release >> of OpenSSL version 1.1.1e. >> >> This release will be made available on Tuesday 17th March 2020 between >> 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 >> previously announced here: >> https://www.openssl.org/news/secadv/20191206.txt >> >> Please see the following page for further details of severity levels: >> https://www.openssl.org/policies/secpolicy.html >> >> Yours >> >> The OpenSSL Project Team >
Re: Forthcoming OpenSSL release
Will it include ONLY the CVE fix, or will it include other fixes, such as to the getrandom() call on some archs? commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: https://github.com/openssl/openssl/issues/10015 Reviewed-by: Bernd Edlinger GH: https://github.com/openssl/openssl/pull/10044 See https://github.com/nodejs/node/pull/32002 for background. On Wed, Mar 11, 2020 at 8:53 AM Matt Caswell wrote: > > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL version 1.1.1e. > > This release will be made available on Tuesday 17th March 2020 between > 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 > previously announced here: > https://www.openssl.org/news/secadv/20191206.txt > > Please see the following page for further details of severity levels: > https://www.openssl.org/policies/secpolicy.html > > Yours > > The OpenSSL Project Team
Forthcoming OpenSSL release
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1e. This release will be made available on Tuesday 17th March 2020 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 previously announced here: https://www.openssl.org/news/secadv/20191206.txt Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Yours The OpenSSL Project Team
Forthcoming OpenSSL release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2u This release will be made available on Friday 20th December 2019 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 previously announced here: https://www.openssl.org/news/secadv/20191206.txt Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html This is expected to be the last 1.0.2 release before its End Of Life date on 31st December 2019. Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl35aKkACgkQ2cTSbQ5g RJFTrQgAs5QMVDvkcEaSqKCKxYqTRaFlBCevtyEV/GaMdhWBEwGDsRfn+8jDSD20 i+UbtL6ymCf7xWrIFHbZaY4E/vyT1UhxkBYXj9DCS02eMRqwy7ileWxqs3xZ2Tiq vqCd+PR13hUdfnOZ62P8Uly9MaR7mTnf+bdJ1vvfOMI6DaUy1HqGghI9YHVwuwqE p6TR/jSCp64BpdsWSNKFTIwvd5u/LkpApO2ngLa5pB8BfUFPwu00ekYNtyb5qrya Gu3dIqJrirPl5ePaci/SC2lkjT2LjKcxIbXn1/rXN1WtsCItV9ztBdrjJvt/rbGM r8O+JOLIa0jEDAgC6fwgmeB7ryNY1w== =PqVo -END PGP SIGNATURE-
[openssl-users] Forthcoming OpenSSL release
Forthcoming OpenSSL release === The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2n. There will be no OpenSSL 1.1.0 release at this time. This release will be made available on 7th December 2017 between approximately 1300-1700 UTC. This is a security-fix release. The highest severity issue fixed in this release is MODERATE. Please also note that, as per our previous announcements, support for 1.0.1 ended on 31st December 2016. Yours The OpenSSL Project Team signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Forthcoming OpenSSL release
On 16/02/17 19:54, Nounou Dadoun wrote: > Sorry I haven't been following the discussion on this vulnerability > if there is one. The advisory says that " this can cause OpenSSL to > crash (dependent on ciphersuite) "; is there any indication about > which cipher suites are affected? So that we know whether we should > upgrade now or catch the next one, thanks ... N A malicious client (say) could cause a server to crash if it has been configured to support at least one AEAD ciphersuite and at least one non-AEAD ciphersuite. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Forthcoming OpenSSL release
Sorry I haven't been following the discussion on this vulnerability if there is one. The advisory says that " this can cause OpenSSL to crash (dependent on ciphersuite) "; is there any indication about which cipher suites are affected? So that we know whether we should upgrade now or catch the next one, thanks ... N Nou Dadoun Senior Firmware Developer, Security Specialist Office: 604.629.5182 ext 2632 Support: 888.281.5182 | avigilon.com Follow Twitter | Follow LinkedIn This email, including any files attached hereto (the "email"), contains privileged and confidential information and is only for the intended addressee(s). If this email has been sent to you in error, such sending does not constitute waiver of privilege and we request that you kindly delete the email and notify the sender. Any unauthorized use or disclosure of this email is prohibited. Avigilon and certain other trade names used herein are the registered and/or unregistered trademarks of Avigilon Corporation and/or its affiliates in Canada and other jurisdictions worldwide. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of OpenSSL Sent: Monday, February 13, 2017 12:53 AM To: openssl-annou...@openssl.org; openssl-users@openssl.org; openssl-...@openssl.org Subject: [openssl-users] Forthcoming OpenSSL release -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Forthcoming OpenSSL release === The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.0e This release will be made available on 16th February 2017 between 1200-1600 UTC, and will include a fix for a security defect classified as severity "High". This issue does not affect OpenSSL versions prior to 1.1.0. Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJYoXCaAAoJEAEKUEB8TIy92GwH+gMIr6v8IQE04/aHWlp+ilep RIPM3x+NAQCkBTSZDhYPRIfJPnbEfGY1hi6Og28SQwHyfClL8Kyg0rkcgEJa9Q1A evhXesZD6xwWiPbqS4yu/iAnjapCPDuNQOeH8toRBs97N4bZ5/SLN6a5UUQg3lQ6 4t3zHJMK3RDRl6O39xmU84qpP7iumGW8Br/0XD2DfPvF0hAJVO+IfvTHK1WEFZg3 j1bYFUEP3lFWnXQDN7h4e9dOKRioSADdl/Tj+Ibh51OBYwaE2xjqqsOs4VAjbG8x V17okImTVhXhKSEOw3wsNirjW/+ui6fDIjszUGTcmNSp+MLXvUB21+8OXaVTDQs= =DVlI -END PGP SIGNATURE- -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Forthcoming OpenSSL release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Forthcoming OpenSSL release === The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.0e This release will be made available on 16th February 2017 between 1200-1600 UTC, and will include a fix for a security defect classified as severity "High". This issue does not affect OpenSSL versions prior to 1.1.0. Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJYoXCaAAoJEAEKUEB8TIy92GwH+gMIr6v8IQE04/aHWlp+ilep RIPM3x+NAQCkBTSZDhYPRIfJPnbEfGY1hi6Og28SQwHyfClL8Kyg0rkcgEJa9Q1A evhXesZD6xwWiPbqS4yu/iAnjapCPDuNQOeH8toRBs97N4bZ5/SLN6a5UUQg3lQ6 4t3zHJMK3RDRl6O39xmU84qpP7iumGW8Br/0XD2DfPvF0hAJVO+IfvTHK1WEFZg3 j1bYFUEP3lFWnXQDN7h4e9dOKRioSADdl/Tj+Ibh51OBYwaE2xjqqsOs4VAjbG8x V17okImTVhXhKSEOw3wsNirjW/+ui6fDIjszUGTcmNSp+MLXvUB21+8OXaVTDQs= =DVlI -END PGP SIGNATURE- -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] [openssl-announce] Forthcoming OpenSSL release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Forthcoming OpenSSL release === The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.0c This release will be made available on 10th November 2016 between 1200-1600 UTC and will fix several security defects. The highest security defect being fixed is classified as severity "High", and does not affect OpenSSL versions prior to 1.1.0. Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Yours The OpenSSL Project Team -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJYIGF/AAoJEAEKUEB8TIy9lzYH/2M2KpYDo9dr1Nx8KobKx/jZ uzT9lI7oXujxnauQPVvTGcbX3RYswXbWXCh6c5TUXXanLQH0RQNvWJgmrdYrIzzD 22Softp4Djf67QZqjGGssrtTVeRf2q5ShgGHfbB7ShI6BEgN9QCzaelplNIyIMvH 6CixH6li5K4RkkmgaUvkWPsXGbyra2IzPzvJJCQF8rS3OZZcvCWWUC4U5qSFyzQJ KKj8C0loHimNVAYGXubuK8rZpsPzs+GQeLWI2koJLc9T3y96yumeJP9snUsN5pUi vatIay5LxXr9xKzGl79X6k75xlrJuEAxJcImvbstFAlftgMRCjyEKy4LGyBIgqA= =5j78 -END PGP SIGNATURE- -- openssl-announce mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users