[openssl-dev] CVE-2016-2177

Salz, Rich rsalz at akamai.com
Wed Jun 29 19:03:23 UTC 2016


No, just do it.

--  
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz


> -----Original Message-----
> From: Philip Bellino [mailto:pbellino at mrv.com]
> Sent: Wednesday, June 29, 2016 3:00 PM
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] CVE-2016-2177
> 
> Rich,
> We have customers who are asking us to address this vulnerability as well as
> CVE-2016-2178.
> CVE-2016-2177 (s3_srvr.c, ssl_sess.c, t1_lib.c)
> CVE-2016-2178 (dsa_ossl.c).
> 
> Do you see any reason why we should not go ahead and add these changes
> to our existing 1.0.2h code?
> 
> Thanks,
> Phil
> 
> 
> 
> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of
> Salz, Rich
> Sent: Tuesday, June 28, 2016 11:23 AM
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] CVE-2016-2177
> 
> >Will you be releasing 1.0.2i soon to address this issue?
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
> 
> Please see https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
> 
> Short answer: this is a LOW issue, and does not justify a release by itself.
> 
> --
> Senior Architect, Akamai Technologies
> IM: richsalz at jabber.at Twitter: RichSalz
> 
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

