[openssl-users] OpenSSL 1.0.2: CVE-2018-0735
Kurt Roeckx
kurt at roeckx.be
Thu Nov 22 21:44:25 UTC 2018
On Tue, Nov 06, 2018 at 04:19:36PM -0600, Misaki Miyashita wrote:
> Hi,
>
> According to the vulnerabilities website[1], OpenSSL 1.1.i and earlier and
> 1.1.1 are affected by CVE-2018-0735.
> Is it safe to assume that OpenSSL 1.0.2 is not affected by the CVE?
My understanding is that the code was not present in 1.0.2. To
address CVE-2018-5407, that code was backported to 1.0.2, but the
fixed version was used.
Kurt
More information about the openssl-users
mailing list