[openssl-commits] [web] master update
Rich Salz
rsalz at openssl.org
Mon Aug 28 18:00:14 UTC 2017
The branch master has been updated
via 8f15d0696303956c316e276146a759541512e7ef (commit)
from 7b17d477171ac28654376447d561f0be8f137f9e (commit)
- Log -----------------------------------------------------------------
commit 8f15d0696303956c316e276146a759541512e7ef
Author: Rich Salz <rsalz at akamai.com>
Date: Mon Aug 28 14:00:08 2017 -0400
Add PR link
-----------------------------------------------------------------------
Summary of changes:
news/secadv/20170828.txt | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/news/secadv/20170828.txt b/news/secadv/20170828.txt
index 02a1cba..c28bc7d 100644
--- a/news/secadv/20170828.txt
+++ b/news/secadv/20170828.txt
@@ -12,8 +12,10 @@ OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
As this is a low severity fix, no release is being made. The fix can be
-found in the source repository (1.0.2, 1.1.0, and master branches) in
-the X509v3_addr_get_afi function. This bug has been present since 2006.
+found in the source repository (1.0.2, 1.1.0, and master branches); see
+https://github.com/openssl/openssl/pull/4276. This bug has been present
+since 2006.
+
This issue was found by Google's OSS-Fuzz project on August 22.
The fix was developed by Rich Salz of the OpenSSL development team.
@@ -29,7 +31,7 @@ References
==========
URL for this Security Advisory:
-https://www.openssl.org/news/secadv/20170126.txt
+https://www.openssl.org/news/secadv/20170828.txt
Note: the online version of the advisory may be updated with additional details
over time.
More information about the openssl-commits
mailing list