[openssl-commits] [web] master update
Matt Caswell
matt at openssl.org
Thu Nov 2 20:44:27 UTC 2017
The branch master has been updated
via c810ef9e9872919576a06a3a395fc97ef8ab487d (commit)
from 5de38e975e062f4c93bc6b6f49a4bd831b927ecf (commit)
- Log -----------------------------------------------------------------
commit c810ef9e9872919576a06a3a395fc97ef8ab487d
Author: Matt Caswell <matt at openssl.org>
Date: Thu Nov 2 17:23:47 2017 +0000
Update the advisory from 20170828 with the latest release information.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/web/pull/31)
-----------------------------------------------------------------------
Summary of changes:
news/secadv/20170828.txt | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/news/secadv/20170828.txt b/news/secadv/20170828.txt
index a1aed22..e51b6a3 100644
--- a/news/secadv/20170828.txt
+++ b/news/secadv/20170828.txt
@@ -11,15 +11,18 @@ If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
-As this is a low severity fix, no release is being made. The fix can be
-found in the source repository (1.0.2, 1.1.0, and master branches); see
-https://github.com/openssl/openssl/pull/4276. This bug has been present
-since 2006.
+This bug has been present since 2006.
+OpenSSL 1.1.0 users should upgrade to 1.1.0g
+OpenSSL 1.0.2 users should upgrade to 1.0.2m
This issue was found by Google's OSS-Fuzz project on August 22.
The fix was developed by Rich Salz of the OpenSSL development team.
+UPDATE 02 November 2017: At the time of the original security advisory the fix
+was only available in the development versions. The advisory has now been
+updated with the release information.
+
Note
====
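
Review bot: In the replaced paragraph, the removed lines take the link to https://github.com/openssl/openssl/pull/4276 with them, so the updated advisory no longer points to the fix itself. Anyone who backports the patch instead of upgrading to 1.1.0g or 1.0.2m, or who wants to audit the change, loses that reference; consider keeping a line such as "The fix can be found in https://github.com/openssl/openssl/pull/4276." after the upgrade guidance. The two added "should upgrade to" lines also end without a full stop, unlike the sentences around them.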