[openssl-commits] [openssl-web] OpenSSL Web Pages branch master updated. 4ca1252253ed59b9e3e2bf87e745338c5571d952

Rich Salz rsalz at openssl.org
Fri Dec 5 18:03:49 EST 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL Web Pages ".

The branch, master has been updated
       via  4ca1252253ed59b9e3e2bf87e745338c5571d952 (commit)
      from  cb2e7004b96960fc3e5ec9c80df3d06c16318a3d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4ca1252253ed59b9e3e2bf87e745338c5571d952
Author: Rich Salz <rsalz at akamai.com>
Date:   Fri Dec 5 18:03:04 2014 -0500

    Update vulnerability sending info
    
    Add openssl-security key.
    Generate vulnerabilities.wml from the XML and XSLT

-----------------------------------------------------------------------

Summary of changes:
 Makefile                  |    1 +
 news/openssl-security.asc |   52 +++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xsl  |   19 ++++++++++-------
 3 files changed, 64 insertions(+), 8 deletions(-)
 create mode 100755 news/openssl-security.asc

diff --git a/Makefile b/Makefile
index 81141dd..3b3e0c8 100644
--- a/Makefile
+++ b/Makefile
@@ -25,3 +25,4 @@ generated:
 	perl run-faq.pl <$(SNAP)/FAQ >support/faq.inc
 	perl run-fundingfaq.pl < support/funding/support-faq.txt >support/funding/support-faq.inc
 	cp $(PODSHOME)/HOWTO/*.txt docs/HOWTO/.
+	( cd news ; xsltproc vulnerabilities.xsl vulnerabilities.xml > vulnerabilities.xsl )
diff --git a/news/openssl-security.asc b/news/openssl-security.asc
new file mode 100755
index 0000000..1cd3b49
--- /dev/null
+++ b/news/openssl-security.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFQv6Z8BEACuJwJkw/Iniec6U1RzocYHBFKl1eE0WBu1vthYmcn0D/GJKvWM
+kRhx9GSlWMqj9mgSFUOsFWrpPIm3Jzh4bLweUjH5I7R0Frh39dDFh1hhwHEholBy
+yUGFTb8TppptXnzzDoNz4yUQcRP2oeG1vC/ePXPWHKgtp+0hmM3MQ3WIN+gSmpdt
+4vMIoWKKCq+E1tYcsFk9URBWWEwBw+OJ37o7TrernyxwtXwdPOjYhA4mLtnKHs+5
+QivuOvK7gNf5hggyv6fp6d2ixvJZ9CdUYFdlOwaHA97B694RcAMxaMtzUpfkiJ/Q
+2zR83QG4az6COKK38W6Kp7bLveMF6Rb4Y+gOjV4KvHKpzNAP2sNkmCIohlmoPhT9
+Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO
+3GLcyTJW4enmTUFxy0d24Bfdgu7FpH1vHIisDkON3QO4TMwCJoLWGULqpJKP7kUf
+5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc
+zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK
+eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB
+tCdPcGVuU1NMIHRlYW0gPG9wZW5zc2wtdGVhbUBvcGVuc3NsLm9yZz6JAj0EEwEK
+ACcFAlQv6Z8CGwMFCQHhM4AFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2JTi
+zos9efV70xAAlXY8dfsZRKMbVyv7YOPaC38XL1ySNUqoMy0lBS8L8Sac5vrim3B1
+X8Ztxlli0kgIEbpDidT8sP8hxvQZa+rnObmpaBXpBudBgT/FrpwKt0kAcfxnoLGo
+1ZrSS4MJPwgYAyg2VY6O5gzJG+AnxoeT6NpG8KmgVsFr8QpLFJOI20fOoCCsNMWs
+Qk5uWKifoYNnFsYwdaKJnzfYFqC3lQCcU12WF0Eeo/+gSK309+Dq3ujoTgKAElOv
+Vom3c+RIFRHTwnCgucrJFAgcavZiEEd9QGPg3LsZ7HpmE6nwzPOwnxqM8qLtvUvz
+XJPH6j87iuk7ojPVBPAyHU2ITaANj8IyVi4liRzvNohypWCbV+MUyrkI/Ko+TrQ/
+XmDRfQKSfFbt9UBH1g+/iBfUVdLPNKD0gyXwy04nTNdgyB5V3zjCfQ1UEZ5TESDX
+fjBP+5TGzF5IMlvAYa3dyGYpHuMTGjCno8R/d9vVxlOaQSWcbB5uNUHLj6Fpvoxv
+z1InfrarFXIh4jbZg0ewI3sbuUmjh0PhX0fRr9HiEAhpRjUfdidWbuOa7+BMXyLO
+oifNpxv4Q8gm+eu/kxYjayRHNv+0DX1nKM2sLdODoMf5BYIULLksavUlrmZ7GpJt
+BgEO4dhSDDp6VYw24NNSG8orV2V4FleegdesD8tAA1Bl6Chb64m28sK5Ag0EVC/p
+nwEQAMB3s+8dq5T8fW+b3OcGujEcbhyguc6D5shlNWsuCV3W7+izsVUe+0hD1YwD
+30C6zj2+CJrMxPQ/BB3u3SbyHMDP5fKL7GQiA/n192hX2DuHxvQwnDNkHxYghtrF
+KOlXAyte2awA0fC+e0o8lHa1Yd2ZZNqlDC23qJtLMJH8bX8CIr59KckNyv64bF+h
+VPIN3evnh1Ajn4A85848EZMQcjedg72MsA3TW2D4omayY7eXE5uut7FYcY6SM4pT
+hIB2X9DM39Rgy3qC4ObvEkEfaWnJfHxyXiA8XF+FZukXc/iM68P0VS/sMml9QPsY
+MWnMHcGlOcuzQJRAalqZJwuK0ZIvobh/Y9rYLxrHtNCgSjaFuSN9K/YhpAxs80H6
+lVa7GCSASTRrS3OvmY++fTsUPzSOvit0kqQfimziYx7QcJIagG92mvUmuf2PEfzv
+Si6iaIqMhaTaJq5qxOR0q430KakQktNPX53HflWL7YenDPYw1rEyQFxGqjaBY1X8
+NtuzZ0P4cahgsBFc8HgYu2u3Ysd5wmvSTsOXld8Qsns1KIUOpzgWw56AJ6dxS3lK
+4QSUFwjzbZW9H0jJ49eBMAaA+hCjv8c/4BFuZq9Gvsafn425Lx1V/3PFJlPu55V+
+7qWjeOkSzNctMlmCqPQVetbZ/pHLAJO5IUO3SoTs5kl6bARzABEBAAGJAiUEGAEK
+AA8FAlQv6Z8CGwwFCQHhM4AACgkQ2JTizos9efW9Gg/9GoPUHtq600MemwBQvgZd
+V1IMGTavvwnROhmrDH+tmJnKchyEZ/SpfQWjEyj50WichcWaCQ0O4JNHL7cRXhJD
+8SbxwODQn6+6rdH2ilFCke+VDq3dKGbc4IM8YUHg3b6babXQkRTlUYsJ2oPCfNTj
+PFXXyLJvtdob1FPDXll42X+lcXx3P2seTf+lrGuPvg071ftDGFtnMom+DziC56wd
+3PqpGxyWuQycgtiXYZEAs2rs7y028lVB3S/aRRtBll6NTdvAGoHaoSvnssqklID2
+lqoAhpvhO+wdgRrdiHVUBJ9pzl1dUVZK8bU4R2Wx3SBK42dXeaWFnf3UqpiSMhyX
+wHZlCQNaQaMjFL8oAJEWNakVlwejqoI+1kS0Am7iYV9L5bSUDvK9PDWKAJTUhQbO
+nO5lztumkmflbHg16+ptT4VqpvB9mDdCdgOUB7spLKhTZkOVT9OG1ROxBQbIjt8P
+UUu2MbHw4XMx7pwkYcYAu3tBaz9KDDMvvnYH9/V9o8b2qczQY98tIZaOVfjqK7sm
+kMuNP82HXrpRTsfUvW1i8TR4gH9RCO8ltNoAO6QXjCsCbeI+TTi8DqTYHcZD0cDm
+DBNojblubYS6mezodM1jIazlFqHFSBvzMbiSQ5BL5QZC3qd2B2DHxyuUDjvmJAVV
+PuIxu13yhrUC3SW2zWSthsI=
+=bnV4
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/news/vulnerabilities.xsl b/news/vulnerabilities.xsl
index 52681ba..b72b066 100644
--- a/news/vulnerabilities.xsl
+++ b/news/vulnerabilities.xsl
@@ -24,14 +24,17 @@
 
 <h2>Reporting a security vulnerability</h2>
 
-<p>If you think you have found a security vulnerability then please send it to the
-OpenSSL security team using the private security list
-<a href="mailto:openssl-security at openssl.org">openssl-security at openssl.org</a>.  Encrypting your report is not necessary, but
-if you wish to do so please use the keys of the <a href="/about/">core team members</a>.
-Any email sent to the security team that does not relate
-to a security vulnerability will be ignored.</p>
-
-<p>Note that bugs only present in the openssl utility are not in general considered to be security issues.</p>
+<p>If you think you have found a security vulnerability then please send
+  it to the OpenSSL team using the private security list
+  <a href="mailto:openssl-security at openssl.org">openssl-security at openssl.org</a>.
+  Encrypting your report is not necessary, but you can either use the
+  <a href="openssl-security.asc">team PGP key</a>. If you wish to
+  limit the initial disclosure, send it encrypted to specific team
+  members.</p>
+
+<p>Any mail sent to that address that is not about a security vulnerability will be ignored.  In general, bugs that are only present in the openssl
+  command-line utility are not considered security issues.</p>
+  ind
 
 <h2>Notification of security vulnerabilities</h2>
 


hooks/post-receive
-- 
OpenSSL Web Pages

More information about the openssl-commits mailing list