[openssl-users] Need more information on CVE-2016-2842
Sandeep Umesh
sanumesh at in.ibm.com
Tue Apr 12 05:35:54 UTC 2016
Thanks for the information Matt.
Regards
Sandeep
From: Matt Caswell <matt at openssl.org>
To: openssl-users at openssl.org
Date: 04/12/2016 12:44 AM
Subject: Re: [openssl-users] Need more information on CVE-2016-2842
Sent by: "openssl-users" <openssl-users-bounces at openssl.org>
On 11/04/16 19:12, Sandeep Umesh wrote:
> Hello
>
> Can someone please provide more information on CVE-2016-2842? Is this
> different from CVE-2016-0799 ? Looks like this CVE information is not
> captured in the advisory -
> _http://openssl.org/news/secadv/20160301.txt_
>
> Also, does this below patch fixes both CVE-2016-2842 and CVE-2016-0799 -
>
_https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73_
CVE-2016-2842 is an identifier that was not issued by the OpenSSL
Project and hence does not appear in the security advisory. The OpenSSL
Project assigned CVE-2016-0799 and gave it the description as it appears
in the advisory. Another organisation decided to split that into two
different CVEs and assigned CVE-2016-2842. Whether you think of it as
one CVE or two, the fix is the same, i.e. the commit that you identified
fixes both.
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160412/54ce2f72/attachment-0001.html>
More information about the openssl-users
mailing list