Additional
analysis was provided by David Benjamin (Google). The fix was developed by
Matt Caswell.
General Advisory Notes
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20240627.txt
Note: the online version of the advisory may be updated with additional de
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 9aaea0fd5f8453c6f2d68562d780c52e7aa08718
https://github.com/openssl/technical-policies/commit/9aaea0fd5f8453c6f2d68562d780c52e7aa08718
Author: Matt Caswell
Date: 2024-06-18 (Tue, 18 Jun 2024
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: e99a4d4b8112d70da47bf5d81712756d76bcf343
https://github.com/openssl/technical-policies/commit/e99a4d4b8112d70da47bf5d81712756d76bcf343
Author: Matt Caswell
Date: 2024-06-14 (Fri, 14 Jun 2024
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 01ced135b96e585df33a89151feb65bf7325e4c3
https://github.com/openssl/technical-policies/commit/01ced135b96e585df33a89151feb65bf7325e4c3
Author: Matt Caswell
Date: 2024-06-04 (Tue, 04 Jun 2024
OTC members who were not present in today's meeting please vote on the
following topic:
Topic: Allow the backport of the AES-XTS optimization on Power platform
as per
#24531 to all branches back to 3.0 subject to the standard review process
normal review process
Please place your votes here:
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 61a97034868bcc026acd955d0996834a964a7a1c
https://github.com/openssl/technical-policies/commit/61a97034868bcc026acd955d0996834a964a7a1c
Author: Matt Caswell
Date: 2024-06-03 (Mon, 03 Jun 2024
c88c3de510 (for 3.2), commit 704f725b96 (for 3.1) and commit b3f0eb0a29
(for 3.0) in the OpenSSL git repository. It is available to premium support
customers in commit f7a045f314 (for 1.1.1).
This issue was reported on 10th April 2024 by William Ahern (Akamai). The fix
was developed by Matt Caswell and
OTC members who were not present in today's OTC meeting, please vote on
the following:
Topic: OTC approve the FIPS indicator design presented in PR#23609
subject to the normal review process
Please record your votes here:
https://github.com/openssl/technical-policies/issues/95
Matt
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 0acf9e537ae5a0831da2a8094204bc4701ced54d
https://github.com/openssl/technical-policies/commit/0acf9e537ae5a0831da2a8094204bc4701ced54d
Author: Matt Caswell
Date: 2024-05-28 (Tue, 28 May 2024
Hi Randall,
The logo is managed by the OpenSSL Management Committee (OMC):
https://www.openssl.org/community/omc.html
I'm not sure we were necessarily looking for a new logo, but if you have
some ideas for alternatives we'd love to see them. You can contact the
OMC by emailing osf-cont...@ope
Please see the new blog post here:
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
OpenPGP_0xD9C4D26D0E604491.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 95b43d3949d5dc28c119069a9613db21a6ebe645
https://github.com/openssl/technical-policies/commit/95b43d3949d5dc28c119069a9613db21a6ebe645
Author: Matt Caswell
Date: 2022-10-18 (Tue, 18 Oct 2022
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 27e90c5a782bdc500efa0c86d5e625740b4c54f8
https://github.com/openssl/technical-policies/commit/27e90c5a782bdc500efa0c86d5e625740b4c54f8
Author: Matt Caswell
Date: 2022-10-18 (Tue, 18 Oct 2022
We have received a report of a significant regression in the latest
3.0.6 and 1.1.1r versions. The regression is not thought to have
security consequences. While the regression is further investigated we
have taken the decision to withdraw the 3.0.6 and 1.1.1r versions and
instead recommend that
Supercomputing Center. The fix was developed by Matt Caswell.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20221011.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.6 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.6 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1r released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1r of our open sour
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 4d4adbb1222a01924656f14def143a9327ac253d
https://github.com/openssl/technical-policies/commit/4d4adbb1222a01924656f14def143a9327ac253d
Author: Matt Caswell
Date: 2022-10-11 (Tue, 11 Oct 2022
OTC members please vote on the following issue:
https://github.com/openssl/technical-policies/issues/55
Matt
Hello,
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.6 and 1.1.1r.
These releases will be made available on Tuesday 11th October 2022
between 1300-1700 UTC.
OpenSSL 3.0.6 is a security-fix release. The highest severity issue
fixed in OpenSSL 3.
Vote called on https://github.com/openssl/general-policies/pull/27
Matt
Please read the blog post about this here:
https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up and sprint planning meetings, responding to
user queries, wiki user requests, OMC business, sys-admin, support
customer issues, responding to public github issues, CLA submissions,
handling security repo
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: e83bed7a99ddb318c4e21008f86405a744f291cc
https://github.com/openssl/technical-policies/commit/e83bed7a99ddb318c4e21008f86405a744f291cc
Author: Matt Caswell
Date: 2022-08-02 (Tue, 02 Aug 2022
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 22c31c1a4d4c7edb6880225b17b00302576551ab
https://github.com/openssl/technical-policies/commit/22c31c1a4d4c7edb6880225b17b00302576551ab
Author: Matt Caswell
Date: 2022-08-01 (Mon, 01 Aug 2022
Branch: refs/heads/master
Home: https://github.com/openssl/technical-policies
Commit: 257a198460f3c5333f12e141af187b0cbdf905b0
https://github.com/openssl/technical-policies/commit/257a198460f3c5333f12e141af187b0cbdf905b0
Author: Matt Caswell
Date: 2022-07-25 (Mon, 25 Jul 2022
Topic: Deprecate long and add notes on integer types
Proposed by: Matt Caswell
Issue link: https://github.com/openssl/technical-policies/pull/51
Public: yes
Opened: 2022-07-25
Closed: -MM-DD
Accepted: yes/no (for: X, against: Y, abstained: Z, not voted: W)
Dmitry [ ]
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up and sprint planning meetings, responding to
user queries, wiki user requests, OMC business, sys-admin, support
customer issues, responding to public github issues, CLA submissions,
handling security repo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [21 June 2022]
The c_rehash script allows command injection (CVE-2022-2068)
Severity: Moderate
In addition to the c_reh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.4 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.4 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1p released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1p of our open sour
There was some discussion during the OMC meeting today about stopping
Windows XP and Windows Server 2003 support. No decision was made but it
led me to write up this proposal:
https://github.com/openssl/general-policies/issues/22
I'm not calling an actual vote yet just gathering feedback. P
OpenSSL is looking to hire a Platform Engineer (a sysadmin role).
Details of the role are here:
https://www.openssl.org/blog/blog/2022/05/30/hiring-platform-engineer/
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up and sprint planning meetings, responding to
user queries, wiki user requests, OMC business, sys-admin, support
customer issues, responding to public github issues, CLA submissions,
handling security repo
On 23/05/2022 22:41, Stephen Farrell wrote:
Hi,
Back in November 2021 (~6 months ago) I created a PR [1]
suggesting an implementation of RFC 9180. In discussion,
the "need OMC decision" tag was added to the PR on Dec
14th.
Since then, I have heard nothing at all and so far as I
can see, fr
Acknowledging receipt of this. We'll get back to you on it.
Matt
On 23/05/2022 22:41, Stephen Farrell wrote:
Hi,
Back in November 2021 (~6 months ago) I created a PR [1]
suggesting an implementation of RFC 9180. In discussion,
the "need OMC decision" tag was added to the PR on Dec
14th.
Sin
Please see the following blog post for details of the role:
https://www.openssl.org/blog/blog/2022/05/18/hiring-business-operations-administrator/
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up meetings, responding to user queries, wiki user
requests, OMC business, sys-admin, support customer issues, CLA
submissions, handling security reports, etc., key activities this month:
Started looking a
: Accept the security policy as of
53b2fdfc640960da03ab9519e27de6c0fefe7dd6
Proposed by: Matt Caswell
Issue link: https://github.com/openssl/general-policies/pull/18
Public: yes
Opened: 2022-05-04
Closed: -MM-DD
Accepted: yes/no (for: X, against: Y, abstained: Z, not voted: W)
Kurt
s issue was reported to OpenSSL on the 6th April 2022 by Raul Metsma. The fix
was developed by Matt Caswell from OpenSSL.
Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
=
Severity: Low
The OpenSSL 3.0 implement
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1o released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1o of our open sour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.3 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.3 of our open source
:
https://www.openssl.org/policies/secpolicy.html#moderate
Yours
The OpenSSL Project Team
On 19/04/2022 20:51, Matt Caswell wrote:
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.
These releases will be made available on Tuesday 26th
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.
These releases will be made available on Tuesday 26th April 2022
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue
fixed in these releases is MODERATE:
h
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up meetings, responding to user queries, wiki user
requests, OMC business, sys-admin, support customer issues, CLA
submissions, handling security reports, etc., key activities this month:
Wrote the QUIC SS
Topic: Accept the technical requirements document provided in
openssl/openssl#17577
OTC members please cast your votes here:
https://github.com/openssl/technical-policies/issues/37
Matt
Due to a procedural issue this vote has been restarted.
OMC members should cast their vote here (even if they previously voted
on this):
https://github.com/openssl/general-policies/issues/12
Matt
On 02/03/2022 10:54, Matt Caswell wrote:
The proposal is:
We should add linux-x86, linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [15 March 2022]
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(CVE-2022-0778)
==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1n released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1n of our open sour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.2 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.2 of our open source
That script should really be moved to the tools repo.
Also I think there are a large number of PRs which the script isn't
pinging at the moment, but which are completely stale and haven't been
touched (for years in some cases). Perhaps we could have a "no activity"
ping...and after so long of
On 14/03/2022 10:29, Mark J Cox wrote:
We have a script that runs daily and makes sure things needing action
for OTC/OMC are pinged if they get old. It also autocloses issues
where it was waiting for the reporter with no action, or waiting for a
NDA for a significant amount of time.
I assume
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.2 and 1.1.1n.
These releases will be made available on Tuesday 15th March 2022
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue
fixed in these releases is HIGH:
https
OpenSSL 3.0 has recently been designated as a Long Term Support (LTS)
release. This means that it will now be supported until 7th September
2026 (5 years after its initial release).
Our previous LTS release (1.1.1) will continue to be supported until
11th September 2023.
We encourage all use
The proposal is:
We should add linux-x86, linux-generic32 and linux-generic64 as primary
platforms in the platform policy
OMC members should vote here:
https://github.com/openssl/general-policies/issues/12
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up meetings, responding to user queries, wiki user
requests, OMC business, sys-admin, support customer issues, CLA
submissions, handling security reports, etc., key activities this month:
Worked on Proof o
I am pleased to be able to welcome Todd Short as the newest member of
the OpenSSL committer team. Todd has been a long time member of the
OpenSSL community and already has many commits to his name.
Welcome on board!
Matt
The OMC vote for the following proposal has now started:
"We should announce that the next LTS release will be 3.0"
OMC members please cast your votes here:
https://github.com/openssl/general-policies/issues/9
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up meetings, responding to user queries, wiki user
requests, OMC business, sys-admin, support customer issues, CLA
submissions, handling security reports, etc., key activities this month:
Created a PR to c
The OMC vote for this policy proposal has now started.
OMC members please cast your votes here:
https://github.com/openssl/general-policies/pull/2
Matt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [28 January 2022]
===
BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
Severity: Moderate
There is a
The OTC vote for this policy proposal has now started.
OTC members please cast your votes here:
https://github.com/openssl/technical-policies/pull/17
Matt
The OMC vote for this policy proposal has now started.
OMC members please cast your votes here:
https://github.com/openssl/general-policies/pull/1
Matt
The OTC vote for this policy proposal has now started.
OTC members please cast your votes here:
https://github.com/openssl/technical-policies/pull/13
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up meetings, responding to user queries, wiki user
requests, OMC business, sys-admin, support customer issues, CLA
submissions, handling security reports, etc., key activities this month:
- Attended many Q
. Users of this version
should upgrade to OpenSSL 3.0.1.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
This issue was reported to OpenSSL on 29th November 2021 by Tobias Nießen. The
fix was developed by Matt Caswell and Tobias Nießen.
Note
OpenSSL 1.0.2 is out of support and no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.1 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.1 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1m released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1m of our open sour
See this PR for a first pass attempt at writing a testing policy:
https://github.com/openssl/technical-policies/pull/13
Matt
I forgot I was now supposed to record these votes as issues in the
technical policies repository.
I have now done so:
https://github.com/openssl/technical-policies/issues/12
Matt
On 07/12/2021 10:35, Matt Caswell wrote:
topic: Accept PR #16705 into 3.0 subject to the normal review process
I've created a proposal for an OMC support and Stability Policy here:
https://github.com/openssl/general-policies/pull/3
This is intended to be complementary to the OTC's Stable Release
Update's Policy currently in review here:
https://github.com/openssl/technical-policies/pull/8
The content
The OTC have previously created policies for how voting and policy
updates should occur.
The policies are here:
https://github.com/openssl/technical-policies/blob/master/policies/voting-procedure.md
https://github.com/openssl/technical-policies/blob/master/policies/policy-change-process.md
I'v
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.1.1m and 3.0.1.
These releases will be made available on Tuesday 14th December 2021
between 1300-1700 UTC.
OpenSSL 3.0.1 is a security and bug fix release. The highest severity
issue fixed in this rele
topic: Accept PR #16705 into 3.0 subject to the normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-12-07
closed: 2021-12-07
accepted: yes (for: 4, against: 1, abstained: 3, not voted: 2)
Dmitry [+0]
Matt [+1]
Pauli [-0]
Tim[-1]
Richard
Event Loop Design
https://github.com/openssl/pull/17185
-Original Message-
From: openssl-users On Behalf Of Matt
Caswell
Sent: Friday, December 3, 2021 1:05 PM
To: openssl-project@openssl.org; openssl-us...@openssl.org
Subject: Starting the QUIC Design
Please see my blog post on
Please see my blog post on starting the QUIC design here:
https://www.openssl.org/blog/blog/2021/12/03/starting-the-quic-design/
Matt
As well as normal reviews, attending regular OMC and OTC meetings,
attending daily stand up meetings, responding to user queries, wiki user
requests, OMC business, sys-admin, support customer issues, CLA
submissions, handling security reports, etc., key activities this month:
- Investigated an
The OTC vote for this policy proposal has now started.
OTC members please cast your votes here:
https://github.com/openssl/technical-policies/pull/9
Matt
Please see the new blog post by Tim Hudson giving an update on the
OpenSSL Project.
https://www.openssl.org/blog/blog/2021/11/25/openssl-update/
Matt
As per our new policy voting procedure the vote on the design process
policy is now open in this PR:
https://github.com/openssl/technical-policies/pull/3
Matt
+1
On 01/11/2021 10:23, Tomas Mraz wrote:
topic: Accept openssl/technical-policies PR#1 - the policy change
process proposal as of commit 3bccdf6. This will become an official OTC
policy.
comment: This will implement the formal policy change process so we can
introduce and amend further policie
I have proposed a new policy for creating designs here:
https://github.com/openssl/technical-policies/pull/3
Please take a look. It would be good to discuss this at tomorrow's OTC.
Matt
As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:
- Numerous OMC related tasks
- Investigated issue with RSA and padding with RSA_PKCS1_WITH_TLS_PADDING
- I
I have now closed this vote:
topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the
normal
review process
Proposed by Matt Caswell
Public: yes
opened: 2021-10-19
closed: 2021-10-20
accepted: yes (for: 4, against: 2, abstained: 4, not voted: 0)
Dmitry [+0
your decision.
Cheers,
Nicola
On Tue, Oct 19, 2021 at 9:10 PM Kurt Roeckx wrote:
On Tue, Oct 19, 2021 at 11:07:26AM +0100, Matt Caswell wrote:
topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the
normal review process
So we have various people voting -1. Does someone want to explain
why they vote -1?
Kurt
topic: Accept PR#16725 as a bug fix for backport into 3.0 subject to the
normal review process
Proposed by Matt Caswell
Public: yes
opened: 2021-10-19
closed: 2021-mm-dd
accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)
Dmitry [+0]
Matt [+1]
Pauli
FYI, the OMC have agreed the attached release requirements document.
Matt
# OMC Release Requirements
This document provides information on the OMC requirements and expectations for the next release after 3.0 and subsequent releases.
## Release timeframe
The OMC objective is to have shorter rel
My proposed agenda for the next OTC meeting (2021-10-19):
1) Nominate a minute taker and confirm agenda
2) Review policy process strawman
3) PR #16725
4) Agree agenda for next meeting
5) AOB
Matt
As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:
- Significant amount of time spent on various OMC tasks this month
- Prepared various website updates read
On 23/09/2021 21:51, Kurt Roeckx wrote:
On Thu, Sep 23, 2021 at 09:42:01PM +0200, Dmitry Belyavsky wrote:
Hello Matt,
The link
https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-processmodules-in-process-list
(You can see the official listing for the submission
FYI, please see my blog post about the OpenSSL 3 FIPS submission here:
https://www.openssl.org/blog/blog/2021/09/22/OpenSSL3-fips-submission/
Matt
topic: Increase the default security level from 1 to 2 in master
Proposed by Matt Caswell
Public: yes
opened: 2021-09-21
closed: 2021-09-21
accepted: yes (for: 7, against: 1, abstained: 1, not voted: 1)
Dmitry [+1]
Matt [+1]
Pauli [+1]
Tim[+0]
Richard[+1
topic: Allow the restart of merging of non-breaking small features to
the master
branch
Proposed by Matt Caswell
Public: yes
opened: 2021-09-14
closed: 2021-09-14
accepted: yes (for: 5, against: 1, abstained: 1, not voted: 2)
Dmitry [+1]
Matt [+1]
Pauli [ ]
Tim
As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:
- Implemented the (extended) patch CVE-2021-3712 as well as significant
analysis time spent on this issue
+1
On 31/08/2021 10:15, Dr Paul Dale wrote:
topic: Create `openssl-3.0' git branch today.
comment: This cascades to other names/version information on GitHub.
For example, change the release version information in the
master branch to 3.1.0-dev
Proposed by Pauli.
Public: yes
+1
On 31/08/2021 09:47, Dr Paul Dale wrote:
topic:
/Release 3.0.0 final on Tuesday the 7th of September 2021 if
run-checker and CI builds have been clean for two days./
Proposed by Pauli.
Public: yes
opened: 2021-08-31
closed: 2021-08-31
accepted: yes (for: 8, against: 0, abstained:
essed before the final release.
This issue was reported to OpenSSL on 12th August 2021 by John Ouyang. The fix
was developed by Matt Caswell.
Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
=
Severity: Moderate
ASN.1 stri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1l released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1l of our open sour
FYI, OTC met today to discuss the 3.0 final release. Due to the security
release taking place later today they decided that 3.0 final will not be
released this week.
Matt
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1l.
This release will be made available on Tuesday 24th August 2021
between 1200-1600 UTC.
OpenSSL 1.1.1l is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://ww
1 - 100 of 642 matches
Mail list logo