Re: Forthcoming OpenSSL Releases

2019-05-29 Thread Matt Caswell


On 21/05/2019 16:43, Matt Caswell wrote:
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.
> 
> These releases will be made available on 28th May 2019 between approximately
> 1200-1600 UTC.
> 
> OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not
> address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the
> equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).

Correction to this announcement: OpenSSL 1.1.1c and OpenSSL 1.1.0k (released
yesterday) do not address any new CVEs. They do however contain a fix for a
previously announced low severity CVE (CVE-2019-1543). See the original security
advisory here:

https://www.openssl.org/news/secadv/20190306.txt

Matt



signature.asc
Description: OpenPGP digital signature


Forthcoming OpenSSL Releases

2019-05-21 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.

These releases will be made available on 28th May 2019 between approximately
1200-1600 UTC.

OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not
address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the
equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).

Yours

The OpenSSL Project Team





Forthcoming OpenSSL Releases

2019-02-19 Thread Matt Caswell

The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1b and 1.0.2r. There will be no new 1.1.0 release at
this time.

These releases will be made available on 26th February 2019 between
approximately 1300-1700 UTC.

OpenSSL 1.0.2r is a security-fix release. The highest severity issue fixed in
this release is MODERATE:
https://www.openssl.org/policies/secpolicy.html#moderate

OpenSSL 1.1.1b is a bug-fix release.

Yours

The OpenSSL Project Team





[openssl-project] Forthcoming OpenSSL Releases

2018-11-14 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1a, 1.1.0j and 1.0.2q.

These releases will be made available on 20th November 2018 between
approximately 1300-1700 UTC.

These are bug-fix releases. They also contain the fixes for three LOW
severity security issues CVE-2018-0735, CVE-2018-0734 and CVE-2018-5407 which
were previously announced here:

https://www.openssl.org/news/secadv/20181029.txt
https://www.openssl.org/news/secadv/20181030.txt
https://www.openssl.org/news/secadv/20181112.txt

CVE-2018-0735 only affects the 1.1.0 branch.
CVE-2018-0734 affects the 1.1.1, 1.1.0 and 1.0.2 branches.
CVE-2018-5407 affects the 1.0.2 branch. It also affects older 1.1.0 releases
before 1.1.0i.

Yours

The OpenSSL Project Team



___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-13 Thread Andy Polyakov
>>>>> Forthcoming OpenSSL releases
>>>>> 
>>>>
>>>> I have some RSA hardening fixes in pipeline...
>>>
>>> Do you suggest we wait with a release on that, or can we just put
>>> it in the next release?
>>
>> I should be able to pull it off in before release. What I'm saying is
>> that it would probably be appropriate to review them as they appear.
> 
> Is it #6915 you're talking about?

Updates to blinding are coming shortly.


Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-12 Thread Kurt Roeckx
On Tue, Aug 07, 2018 at 04:52:28PM +0200, Andy Polyakov wrote:
> >>> Forthcoming OpenSSL releases
> >>> 
> >>
> >> I have some RSA hardening fixes in pipeline...
> > 
> > Do you suggest we wait with a release on that, or can we just put
> > it in the next release?
> 
> I should be able to pull it off in before release. What I'm saying is
> that it would probably be appropriate to review them as they appear.

Is it #6915 you're talking about?

I'm not sure we're going to be able to properly review that before
the releases of 1.0.2 and 1.1.0.


Kurt



Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Kurt Roeckx
On Tue, Aug 07, 2018 at 04:15:52PM +0200, Andy Polyakov wrote:
> > Forthcoming OpenSSL releases
> > 
> 
> I have some RSA hardening fixes in pipeline...

Do you suggest we wait with a release on that, or can we just put
it in the next release?


Kurt



Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Andy Polyakov
>>> Forthcoming OpenSSL releases
>>> 
>>
>> I have some RSA hardening fixes in pipeline...
> 
> Do you have PR numbers for them?

"in pipeline" kind of means "not yet [but I'll intensify the work to put
them out]". In other words it's a pre-heads-up thing...



Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell



On 07/08/18 15:15, Andy Polyakov wrote:
>> Forthcoming OpenSSL releases
>> 
> 
> I have some RSA hardening fixes in pipeline...

Do you have PR numbers for them?

Matt



Re: [openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Andy Polyakov
> Forthcoming OpenSSL releases
> 

I have some RSA hardening fixes in pipeline...


[openssl-project] Forthcoming OpenSSL releases

2018-08-07 Thread Matt Caswell
Forthcoming OpenSSL releases


The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.0i and 1.0.2p.

These releases will be made available on 14th August 2018 between
approximately 1200-1600 UTC.

These are bug-fix releases. They also contain the fixes for two LOW
severity security issues (CVE-2018-0732 and CVE-2018-0737) which were
previously announced here:

https://www.openssl.org/news/secadv/20180612.txt
https://www.openssl.org/news/secadv/20180416.txt

Yours

The OpenSSL Project Team




Re: [openssl-project] Forthcoming OpenSSL releases

2018-03-20 Thread Salz, Rich
This should include the fix to the bug Guido found.

On 3/20/18, 1:18 PM, "Matt Caswell" <m...@openssl.org> wrote:

Forthcoming OpenSSL releases


The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.0h and 1.0.2o.

These releases will be made available on 27th March 2018 between
approximately 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in
these releases is MODERATE.

Yours

The OpenSSL Project Team


