Monthly Status Report (August)

Matt Caswell matt at
Mon Sep 6 14:02:51 UTC 2021

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, CLA submissions,
handling security reports, etc., key activities this month:

- Implemented the (extended) patch CVE-2021-3712 as well as significant 
analysis time spent on this issue
- Analysed and developed the patch for CVE-2021-3711
- Co-ordinated and performed the security release for OpenSSL 1.1.1l and 
OpenSSL 1.0.2za
- Investigated, created reproducer for, and subsequently developed the 
fix for an issue where leaks occurred due to loading the config file 
into the same libctx twice
- Investigated with Tomas problems with the clacheck script following
the removal of the "license"host
- Significant investigation work for OMC related tasks
- Updates to the release instructions following problems with the last 
- Helped investigate a solaris linking issue
- Fixed a bug where we need to check the asn.1 type of an "otherName" 
before we attempt to read it
- Refactored and rationalized provider locking to deal with "lock 
inversion" errors being reported from thread sanitizer


More information about the openssl-project mailing list