[openssl-users] Need help on CVE-2015-0292

Matt Caswell matt at openssl.org
Mon Mar 23 10:55:40 UTC 2015



On 23/03/15 10:50, Jaya Nageswar wrote:
> Hi All,
> 
> As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
> the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this correct or
> typo?

It is correct. As the advisory states this is a historic bug that was
fixed in previous versions but had not appeared in a security advisory
until now.

> Can some one point me to the code changes related to this fix on
> gib hub. I really could not find the code changes related to the commit
> 9febee0272 (0.9.8) as per the advisory.
> 

https://github.com/openssl/openssl/commit/9febee0272

Matt


More information about the openssl-users mailing list