[openssl-users] Need more information on CVE-2016-2842

Sandeep Umesh sanumesh at in.ibm.com
Tue Apr 12 05:35:54 UTC 2016

Thanks for the information Matt.


From:   Matt Caswell <matt at openssl.org>
To:     openssl-users at openssl.org
Date:   04/12/2016 12:44 AM
Subject:        Re: [openssl-users] Need more information on CVE-2016-2842
Sent by:        "openssl-users" <openssl-users-bounces at openssl.org>

On 11/04/16 19:12, Sandeep Umesh wrote:
> Hello
> Can someone please provide more information on CVE-2016-2842? Is this
> different from CVE-2016-0799? Looks like this CVE information is not
> captured in the advisory -
> http://openssl.org/news/secadv/20160301.txt
> Also, does the patch below fix both CVE-2016-2842 and CVE-2016-0799 -

CVE-2016-2842 is an identifier that was not issued by the OpenSSL
Project and hence does not appear in the security advisory. The OpenSSL
Project assigned CVE-2016-0799 and gave it the description as it appears
in the advisory. Another organisation decided to split that into two
different CVEs and assigned CVE-2016-2842. Whether you think of it as
one CVE or two, the fix is the same, i.e. the commit that you identified
fixes both.
