> I am a bit surprised with the following assertion concerning CVE-2016-0798 :
> (Memory leak in SRP database lookups)
> "This issue was discovered on February 23rd 2016..."
Yes, Michel, sorry. You did create a ticket:
https://rt.openssl.org/Ticket/Display.html?id=4172
Thanks for being so go
Hi,
I am a bit surprised with the following assertion concerning CVE-2016-0798 :
(Memory leak in SRP database lookups)
"This issue was discovered on February 23rd 2016..."
My opinion is that this issue is known at least since I reported it to you
(first in march 2015 !) :
https://mta.openssl.org/
On Thu, Jul 09, 2015 at 01:13:30PM +, Salz, Rich wrote:
> > This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
>
> In other words, if you are not using those specific releases -- i.e., the
> ones that came out less than 30 days ago -- you do not need to upgrade.
More accu
