[openssl-dev] [openssl-users] OpenSSL Security Advisory

Michel michel.sales at free.fr
Tue Mar 1 21:06:13 UTC 2016


Hi,

I am a bit surprised with the following assertion concerning CVE-2016-0798 :
(Memory leak in SRP database lookups)
"This issue was discovered on February 23rd 2016..."

My opinion is that this issue is known at least since I reported it to you
(first in march 2015 !) :
https://mta.openssl.org/pipermail/openssl-dev/2015-March/001015.html
https://mta.openssl.org/pipermail/openssl-bugs-mod/2015-December/000279.html

This is s a further demonstration that I still have to improve my english !
;-)

Regards,

Michel.





More information about the openssl-dev mailing list