[openssl-commits] [web] master update

Matt Caswell matt at openssl.org
Thu Nov 2 20:44:27 UTC 2017


The branch master has been updated
       via  c810ef9e9872919576a06a3a395fc97ef8ab487d (commit)
      from  5de38e975e062f4c93bc6b6f49a4bd831b927ecf (commit)


- Log -----------------------------------------------------------------
commit c810ef9e9872919576a06a3a395fc97ef8ab487d
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Nov 2 17:23:47 2017 +0000

    Update the advisory from 20170828 with the latest release information.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/web/pull/31)

-----------------------------------------------------------------------

Summary of changes:
 news/secadv/20170828.txt | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/news/secadv/20170828.txt b/news/secadv/20170828.txt
index a1aed22..e51b6a3 100644
--- a/news/secadv/20170828.txt
+++ b/news/secadv/20170828.txt
@@ -11,15 +11,18 @@ If an X.509 certificate has a malformed IPAddressFamily extension,
 OpenSSL could do a one-byte buffer overread. The most likely result
 would be an erroneous display of the certificate in text format.
 
-As this is a low severity fix, no release is being made. The fix can be
-found in the source repository (1.0.2, 1.1.0, and master branches); see
-https://github.com/openssl/openssl/pull/4276. This bug has been present
-since 2006.
+This bug has been present since 2006.
 
+OpenSSL 1.1.0 users should upgrade to 1.1.0g
+OpenSSL 1.0.2 users should upgrade to 1.0.2m
 
 This issue was found by Google's OSS-Fuzz project on August 22.
 The fix was developed by Rich Salz of the OpenSSL development team.
 
+UPDATE 02 November 2017: At the time of the original security advisory the fix
+was only available in the development versions. The advisory has now been
+updated with the release information.
+
 Note
 ====
 
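Review bot: The deleted paragraph (the four "-" lines) was the only place in the visible text that pointed readers to the fix itself, https://github.com/openssl/openssl/pull/4276, and that link is not carried over into the new text. Users who cannot move to 1.1.0g or 1.0.2m right away and need to backport or audit the change would benefit from keeping it, for example as a sentence after "This bug has been present since 2006." The same deletion drops the "low severity" wording from this paragraph, so check that the severity is still stated elsewhere in the file. Minor style point: the two added "should upgrade" lines have no terminating period, unlike the sentences around them, and the added blank line before them leaves two consecutive blank lines after the second one.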

