Re: [openssl-dev] backporting CVE-2016-8610 fix to 1.0.1 branch

2016-12-28 Thread Matt Caswell


On 17/12/16 01:59, Peter Djalaliev (CS) wrote:
> Hello,
>
> Will commit
>
> Don't allow too many consecutive warning alerts
>
> author    Matt Caswell
> Wed, 21 Sep 2016 08:07:31 -0500 (14:07 +0100)
> committer Matt Caswell
> Wed, 21 Sep 2016 14:17:04 -0500 (20:17 +0100)
> commit    af58be768ebb690f78530f796e92b8ae5c9a4401
> tree      087701bd731382d1933438bcd73cb7029264e16b
> parent    7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646
>
> be backported to 1.0.1? This has been assigned CVE-2016-8610. I
> understand that OpenSSL 1.0.1 is going EOL on Dec 31.

I've been asked this a few times. CVE-2016-8610 was not issued by the
OpenSSL Project and is not recognised as a security issue by us (it does
not appear in any OpenSSL Security Advisory). The referenced commit is
viewed as a bug fix and for that reason will not be backported to 1.0.1
(the 1.0.1 series only receives security fixes).

Matt

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] backporting CVE-2016-8610 fix to 1.0.1 branch

2016-12-16 Thread Peter Djalaliev (CS)

Hello,

Will commit

Don't allow too many consecutive warning alerts

author    Matt Caswell
Wed, 21 Sep 2016 08:07:31 -0500 (14:07 +0100)
committer Matt Caswell
Wed, 21 Sep 2016 14:17:04 -0500 (20:17 +0100)
commit    af58be768ebb690f78530f796e92b8ae5c9a4401
tree      087701bd731382d1933438bcd73cb7029264e16b
parent    7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646

be backported to 1.0.1? This has been assigned CVE-2016-8610. I understand that 
OpenSSL 1.0.1 is going EOL on Dec 31.

Thank you,
Peter Djalaliev
