[web] master update

Mark J. Cox mark at openssl.org
Fri Jan 3 10:06:30 UTC 2020 

The branch master has been updated
       via  ba98fa477470b023d70a080fad35dd406b573f3f (commit)
       via  edfd2b0b8980e340b13d288fc373c8ee9b909307 (commit)
      from  9d8e43e70514d403e27663b13d06963c5381603b (commit)


- Log -----------------------------------------------------------------
commit ba98fa477470b023d70a080fad35dd406b573f3f
Merge: 9d8e43e edfd2b0
Author: Mark J. Cox <mark at openssl.org>
Date:   Fri Jan 3 10:05:39 2020 +0000

    Merge pull request #150 from iamamoose/eolstatements
    
    Update the vulnerability XML to also include some statements about EOL

commit edfd2b0b8980e340b13d288fc373c8ee9b909307
Author: Mark J. Cox <mark at awe.com>
Date:   Fri Jan 3 09:50:43 2020 +0000

    Update the vulnerability XML to also include some statements about EOL versions
    that was we can make it clear on the vulnerability page when things are EOL

-----------------------------------------------------------------------

Summary of changes:
 bin/mk-cvepage           | 3 +++
 news/vulnerabilities.xml | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/bin/mk-cvepage b/bin/mk-cvepage
index 10654b6..83333ab 100755
--- a/bin/mk-cvepage
+++ b/bin/mk-cvepage
@@ -140,6 +140,9 @@ preface += "<p>Show issues fixed only in OpenSSL " + ", ".join(bases)
 if options.base:
     preface += ", or <a href=\"vulnerabilities.html\">all versions</a>"
     preface += "<h2>Fixed in OpenSSL %s</h2>" %(options.base)
+    for statement in dom.getElementsByTagName('statement'):
+        if (statement.getAttribute("base") in options.base):
+            preface += statement.firstChild.data.strip()
 preface += "</p>"
 if len(allyears)>1: # If only vulns in this year no need for the year table of contents
     preface += "<p><a name=\"toc\">Jump to year: </a>" + ", ".join( "<a href=\"#y%s\">%s</a>" %(year,year) for year in allyears)
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index de81fa1..0378674 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7336,6 +7336,14 @@ default and not common.</description>
   <advisory url="/news/secadv/20140605.txt"/>
 </issue>
 
+  <statement base="0.9.6">OpenSSL 0.9.6 is out of support and no longer receiving updates.</statement>
+  <statement base="0.9.7">OpenSSL 0.9.7 is out of support and no longer receiving updates.</statement>
+  <statement base="0.9.8">OpenSSL 0.9.8 is out of support since 1st January 2016 and no longer receiving updates.</statement>
+  <statement base="1.0.0">OpenSSL 1.0.0 is out of support since 1st January 2016 and no longer receiving updates.</statement>
+  <statement base="1.0.1">OpenSSL 1.0.1 is out of support since 1st January 2017 and no longer receiving updates.</statement>
+  <statement base="1.0.2">OpenSSL 1.0.2 is out of support since 1st January 2020 and is no longer receiving updates.  Extended support is available from OpenSSL Software Services for premium support customers</statement>
+  <statement base="1.1.0">OpenSSL 1.1.0 is out of support since 12th September 2019 and no longer receiving updates.</statement>
+
 </security>

More information about the openssl-commits mailing list