On 17/12/16 01:59, Peter Djalaliev (CS) wrote:
> Hello,
>
>
>
> Will commit
>
>
>
> Don't allow too many consecutive warning alerts
>
>
>
> author Matt Caswell
>
> Wed, 21 Sep 2016 08:07:31 -0500 (14:07 +0100)
>
> committerMatt Caswell
>
> Wed, 21 Sep 2016 14:17:04 -0500 (20:17 +0100)
>
> commit af58be768ebb690f78530f796e92b8ae5c9a4401
>
> tree087701bd731382d1933438bcd73cb7029264e16b
>
> parent 7dc0ad4d6dca81a003be7fa1fbd58a55f4be8646
>
>
>
> be backported to 1.0.1? This has been assigned CVE-2016-8610. I
> understand that OpenSSL 1.0.1 is going EOL on Dec 31.
I've been asked this a few times. CVE-2016-8610 was not issued by the
OpenSSL Project and is not recognised as a security issue by us (it does
not appear in any OpenSSL Security Advisory). The referenced commit is
viewed as a bug fix and for that reason will not be backported to 1.0.1
(the 1.0.1 series only receives security fixes).
Matt
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev