[openssl-users] Need help on CVE-2015-0292
Matt Caswell
matt at openssl.org
Mon Mar 23 10:55:40 UTC 2015
On 23/03/15 10:50, Jaya Nageswar wrote:
> Hi All,
>
> As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
> the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this correct or
> typo?
It is correct. As the advisory states this is a historic bug that was
fixed in previous versions but had not appeared in a security advisory
until now.
> Can some one point me to the code changes related to this fix on
> gib hub. I really could not find the code changes related to the commit
> 9febee0272 (0.9.8) as per the advisory.
>
https://github.com/openssl/openssl/commit/9febee0272
Matt
More information about the openssl-users
mailing list