Re: [openssl-dev] CVE-2016-2177

2016-06-29 Thread Salz, Rich
No, just do it.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz

> -----Original Message-----
> From: Philip Bellino [mailto:pbell...@mrv.com]
> Sent: Wednesday, June 29, 2016 3:00 PM
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev

Re: [openssl-dev] CVE-2016-2177

2016-06-29 Thread Philip Bellino
-----Original Message-----
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Salz, Rich
Sent: Tuesday, June 28, 2016 11:23 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] CVE-2016-2177

>Will you be releasing 1.0.2i soon to address this issue?
> https://web.nvd.ni

Re: [openssl-dev] CVE-2016-2177

2016-06-28 Thread Salz, Rich
>Will you be releasing 1.0.2i soon to address this issue?
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177

Please see https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

Short answer: this is a LOW issue, and does not justify a release by itself.

-- Sen

[openssl-dev] CVE-2016-2177

2016-06-28 Thread Philip Bellino
Hello,

Will you be releasing 1.0.2i soon to address this issue?
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177

openssl -- openssl
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of