Re: [openssl-announce] Forthcoming OpenSSL releases

2015-03-18 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/03/15 19:05, Matt Caswell wrote: Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases

[openssl-announce] Forthcoming OpenSSL releases

2015-03-16 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will

[openssl-announce] Forthcoming OpenSSL releases

2017-10-30 Thread Matt Caswell
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0g and 1.0.2m. These releases will be made available on 2nd November 2017 between approximately 1300-1700 UTC. This is a bug-fix release. It

Re: [openssl-announce] Forthcoming OpenSSL releases

2017-10-30 Thread Matt Caswell
On 30/10/17 13:50, Matt Caswell wrote: > Forthcoming OpenSSL releases > > > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.1.0g and 1.0.2m. > > These releases will be made available on 2nd

[openssl-announce] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p. These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC. These are bug-fix releases.

[openssl-announce] OpenSSL Security Advisory

2018-11-12 Thread Matt Caswell
OpenSSL Security Advisory [12 November 2018] Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) === Severity: Low OpenSSL ECC scalar

[openssl-announce] Forthcoming OpenSSL Releases

2018-11-14 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1a, 1.1.0j and 1.0.2q. These releases will be made available on 20th November 2018 between approximately 1300-1700 UTC. These are bug-fix releases. They also contain the fixes for three LOW severity

[openssl-announce] OpenSSL Versioning and License

2018-11-28 Thread Matt Caswell
Please see the following blog post about OpenSSL Versioning and License: https://www.openssl.org/blog/blog/2018/11/28/version/ Matt -- openssl-announce mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce

[openssl-announce] OpenSSL 3.0 and FIPS Update

2019-02-13 Thread Matt Caswell
Please see my blog post for an OpenSSL 3.0 and FIPS Update: https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/ Matt -- openssl-announce mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-announce

Forthcoming OpenSSL Releases

2019-02-19 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1b and 1.0.2r. There will be no new 1.1.0 release at this time. These releases will be made available on 26th February 2019 between approximately 1300-1700 UTC. OpenSSL 1.0.2r is a security-fix

Re: Forthcoming OpenSSL Releases

2019-05-29 Thread Matt Caswell
On 21/05/2019 16:43, Matt Caswell wrote: > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s. > > These releases will be made available on 28th May 2019 between approximately > 1200-1600 UTC. > > Open

Forthcoming OpenSSL Releases

2019-05-21 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s. These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC. OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not

Re: Forthcoming OpenSSL Releases

2019-09-11 Thread Matt Caswell
On 03/09/2019 17:19, Matt Caswell wrote: > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t. > > These releases will be made available on 10th September 2019 between > approximately 1200-1600 UTC. > > T

OpenSSL Blog Post

2019-11-07 Thread Matt Caswell
Please take a look at my blog post that gives an update on OpenSSL 3.0 development, FIPS and 1.0.2 EOL: https://www.openssl.org/blog/blog/2019/11/07/3.0-update/ Matt

Forthcoming OpenSSL release

2019-12-17 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2u This release will be made available on Friday 20th December 2019 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551

Forthcoming OpenSSL release

2020-03-11 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1e. This release will be made available on Tuesday 17th March 2020 between 1300-1700 UTC. This will contain one LOW severity fix for CVE-2019-1551 previously announced here:

Forthcoming OpenSSL Release

2020-03-28 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1f. This release will be made available on Tuesday 31st March 2020 between 1200-1600 UTC. This is a bug fix only release. Yours The OpenSSL Project

Forthcoming OpenSSL Release

2020-04-14 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g. This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC. OpenSSL 1.1.g is a security-fix release. The highest severity

OpenSSL is looking for a full time Administrator and Manager

2020-09-05 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL Management Committee are looking to hire a full time Administrator and Manager. Details of the role can be found here: https://www.openssl.org/blog/blog/2020/09/05/OpenSSL.ProjectAdminRole/ To apply please send your cover letter and

OpenSSL version 3.0.0-beta1 published

2021-06-17 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0 beta 1 released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.0 is currently in beta. OpenSSL 3.0 beta 1 has now been made available.

Forthcoming OpenSSL Release

2021-02-09 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1j. This release will be made available on Tuesday 16th February 2021 between 1300-1700 UTC. OpenSSL 1.1.1j is a security-fix release. The highest

Forthcoming OpenSSL release

2021-03-22 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1k. This release will be made available on Thursday 25th March 2021 between 1300-1700 UTC. OpenSSL 1.1.1k is a security-fix release. The highest severity issue fixed in this release is HIGH:

Forthcoming OpenSSL release

2021-08-17 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1l. This release will be made available on Tuesday 24th August 2021 between 1200-1600 UTC. OpenSSL 1.1.1l is a security-fix release. The highest severity issue fixed in this release is HIGH:

OpenSSL version 1.1.1l published

2021-08-24 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1l released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1l of our open

OpenSSL Security Advisory

2021-08-24 Thread Matt Caswell
essed before the final release. This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix was developed by Matt Caswell. Read buffer overruns processing ASN.1 strings (CVE-2021-3712) = Severity: Moderate ASN.1 stri

OpenSSL version VERSION published

2021-07-29 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0 beta 2 released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 3.0 is currently in beta. OpenSSL 3.0 beta 2 has now been made available.

Forthcoming OpenSSL Releases

2021-12-07 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1m and 3.0.1. These releases will be made available on Tuesday 14th December 2021 between 1300-1700 UTC. OpenSSL 3.0.1 is a security and bug fix release. The highest severity issue fixed in this

OpenSSL version 3.0.1 published

2021-12-14 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0.1 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.0.1 of our open source

OpenSSL Security Advisory

2021-12-14 Thread Matt Caswell
. Users of this version should upgrade to OpenSSL 3.0.1. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. This issue was reported to OpenSSL on 29th November 2021 by Tobias Nießen. The fix was developed by Matt Caswell and Tobias Nießen. Note OpenSSL 1.0.2 is out of support

OpenSSL version 3.0.2 published

2022-03-15 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0.2 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.0.2 of our open source

OpenSSL version 1.1.1n published

2022-03-15 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1n released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1n of our open

OpenSSL Security Advisory

2022-03-15 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [15 March 2022] Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

Forthcoming OpenSSL releases

2022-03-08 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.2 and 1.1.1n. These releases will be made available on Tuesday 15th March 2022 between 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in these releases is HIGH:

OpenSSL 3.0 LTS

2022-03-04 Thread Matt Caswell
OpenSSL 3.0 has recently been designated as a Long Term Support (LTS) release. This means that it will now be supported until 7th September 2026 (5 years after its initial release). Our previous LTS release (1.1.1) will continue to be supported until 11th September 2023. We encourage all

OpenSSL Security Advisory

2022-01-28 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [28 January 2022] === BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160) Severity: Moderate There is

Forthcoming OpenSSL Releases

2022-04-19 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.3 and 1.1.1o. These releases will be made available on Tuesday 26th April 2022 between 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in these releases is MODERATE:

Re: Forthcoming OpenSSL Releases

2022-04-26 Thread Matt Caswell
: https://www.openssl.org/policies/secpolicy.html#moderate Yours The OpenSSL Project Team On 19/04/2022 20:51, Matt Caswell wrote: The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.3 and 1.1.1o. These releases will be made available on Tuesday 26th

OpenSSL version 1.1.1o published

2022-05-03 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1o released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1o of our open

OpenSSL version 3.0.3 published

2022-05-03 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0.3 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.0.3 of our open source

OpenSSL Security Advisory

2022-05-03 Thread Matt Caswell
s issue was reported to OpenSSL on the 6th April 2022 by Raul Metsma. The fix was developed by Matt Caswell from OpenSSL. Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434) = Severity: Low The OpenSSL 3.0 implement

OpenSSL version 1.1.1p published

2022-06-21 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1p released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1p of our open

OpenSSL version 3.0.4 published

2022-06-21 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 3.0.4 released == OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 3.0.4 of our open source

OpenSSL Security Advisory

2022-06-21 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [21 June 2022] The c_rehash script allows command injection (CVE-2022-2068) Severity: Moderate In addition to the