Scott, I just checked the CVE ID's on mitre, and as of now ( 11:18 AM PST
1/26/17 ) they are all listed as 'reserved' and don't have any information
about the issue. NVD shows the same information. In either case, it seems
like an extra hoop to jump through to have to go to a third party site to
The CVE itself contains the commit info. Find it at cve.mitre.org
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Ethan Rahn
Sent: Thursday, January 26, 2017 10:40 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Should openssl publish the commit #'s that
