<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 07/09/2015 09:06 PM, Salz, Rich

      wrote:<br>

    </div>

    <blockquote

cite="mid:97af042cfb734338b89e637da4468ad7@ustx2ex-dag1mb2.msg.corp.akamai.com"

      type="cite">

      <pre wrap="">Perhaps something like the CVE vectors, that others have suggested?

<a class="moz-txt-link-freetext" href="https://nvd.nist.gov/CVSS/Vector-v2.aspx">https://nvd.nist.gov/CVSS/Vector-v2.aspx</a>

It's (a bit?) extra work while getting the release out, so it would be good to hear enthusiastic support for this :)

</pre>

    </blockquote>

    Yes, this would be very helpful. <br>

    <br>

    Also, in this particular case, the following piece of information

    (and especially your clarification) would have been useful if it

    were included in the pre-announcement (but maybe the heads-up was a

    bit fuzzy on purpose, with the intention not to point attackers to

    the exact location of the bug in the source?):<br>

    <br>

    <table class="moz-email-headers-table" border="0" cellpadding="0"

      cellspacing="0">

      <tbody>

        <tr>

          <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Subject: </th>

          <td>Re: [openssl-users] [openssl-dev] OpenSSL Security

            Advisory</td>

        </tr>

        <tr>

          <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Date: </th>

          <td>Thu, 9 Jul 2015 13:13:30 +0000</td>

        </tr>

        <tr>

          <th nowrap="nowrap" valign="BASELINE" align="RIGHT">From: </th>

          <td>Salz, Rich <a class="moz-txt-link-rfc2396E" href="mailto:rsalz@akamai.com"><rsalz@akamai.com></a></td>

        </tr>

        <tr>

          <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Reply-To:

          </th>

          <td><a class="moz-txt-link-abbreviated" href="mailto:openssl-users@openssl.org">openssl-users@openssl.org</a></td>

        </tr>

        <tr>

          <th nowrap="nowrap" valign="BASELINE" align="RIGHT">To: </th>

          <td><a class="moz-txt-link-abbreviated" href="mailto:openssl-dev@openssl.org">openssl-dev@openssl.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:openssl-dev@openssl.org"><openssl-dev@openssl.org></a>,

            OpenSSL User Support ML <a class="moz-txt-link-rfc2396E" href="mailto:openssl-users@openssl.org"><openssl-users@openssl.org></a></td>

        </tr>

      </tbody>

    </table>

    <br>

    > This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and

    1.0.1o.

    <br>

    In other words, if you are not using those specific releases --

    i.e., the ones that came out less than 30 days ago -- you do not

    need to upgrade.

    <br>

  </body>

</html>