[openssl-commits] [web] master update

Matt Caswell matt at openssl.org
Thu Jul 9 12:45:38 UTC 2015


The branch master has been updated
       via  0dd8b2ab306a6b93e4901b0eb7f787edcd4a7199 (commit)
       via  5f9ad2d09f87c98114ec2f4817cede2ecb89ec80 (commit)
      from  a8e5ad250be42a3a9a386188ff6e75ce8df1342e (commit)


- Log -----------------------------------------------------------------
commit 0dd8b2ab306a6b93e4901b0eb7f787edcd4a7199
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jul 9 13:38:22 2015 +0100

    Update to vulnerabilities xml

commit 5f9ad2d09f87c98114ec2f4817cede2ecb89ec80
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jul 9 13:35:25 2015 +0100

    Update website news

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  3 +++
 news/vulnerabilities.xml | 21 ++++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index eeecf70..1cd231e 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -1,3 +1,6 @@
+11-Jul-2015: <a href="ROOT/news/secadv_20150709.txt">Security Advisory</a>: one security fix
+11-Jul-2015: OpenSSL 1.0.2d is now <a href="ROOT/source/">available</a>, including bug and security fixes
+11-Jul-2015: OpenSSL 1.0.1p is now <a href="ROOT/source/">available</a>, including bug and security fixes
 06-Jul-2015: OpenSSL 1.0.2d and 1.0.1p <a href="https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html">security releases due 9th July 2015</a>
 12-Jun-2015: New releases to resolve ABI compatibility problems:
 12-Jun-2015: OpenSSL 1.0.2c is now <a href="ROOT/source/">available</a>, including bug fixes
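Review bot: The three added entries are dated `11-Jul-2015`, which disagrees with everything else visible for this release. The advisory they link to is `secadv_20150709.txt`, the context line just below announces the releases as due 9th July 2015, and the commit itself is dated 9 July. Unless the 11th is intentional, these should read `09-Jul-2015` so the news feed matches the advisory's publication date, which readers reconstructing the disclosure timeline will compare against.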
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index aaacfdc..49d0038 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -5,7 +5,26 @@
      1.0.0 on 20100329
 -->
 
-<security updated="20150611">
+<security updated="20150709">
+  <issue public="20150709">
+    <cve name="2015-1793"/>
+    <affects base="1.0.1" version="1.0.1n"/>
+    <affects base="1.0.1" version="1.0.1o"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <fixed base="1.0.2" version="1.0.2d" date="20150709"/>
+    <fixed base="1.0.1" version="1.0.1p" date="20150709"/>
+
+    <description>
+      An error in the implementation of the alternative certificate
+      chain logic could allow an attacker to cause certain checks on
+      untrusted certificates to be bypassed, such as the CA flag,
+      enabling them to use a valid leaf certificate to act as a CA and
+      "issue" an invalid certificate.
+    </description>
+    <advisory url="http://www.openssl.org/news/secadv_20150709.txt"/>
+    <reported source="Adam Langley and David Benjamin (Google/BoringSSL)"/>
+  </issue>
   <issue public="20150611">
     <cve name="2015-1788"/>
     <affects base="0.9.8" version="0.9.8"/>
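Review bot: The added `<advisory url="http://www.openssl.org/news/secadv_20150709.txt"/>` links the security advisory over plain HTTP, so the advisory text a reader fetches from this link has no transport integrity protection. If the site serves that path over TLS, prefer `<advisory url="https://www.openssl.org/news/secadv_20150709.txt"/>`; the newsflash entries in the same push already link the announce archive over https. Earlier `<issue>` entries are outside this hunk and may use the same http form, in which case they are worth changing together. The enclosing `<security>` element continues past the end of the hunk.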

