matt at openssl.org
Tue Aug 16 08:09:20 UTC 2016
On 16/08/16 03:37, Jakob Bohm wrote:
> Just to clarify for anyone searching the archives in the future:
> Is that commit included in release 1.0.1t or not?
No, its not yet in an official release. It will be included in the next
1.0.1 release - whenever that is.
> (I could probably dig it up myself, but I am not an authoritative
> source on the matter, so not good enough for future readers).
> On 12/08/2016 21:20, Salz, Rich wrote:
>> Commit 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 in 1.0.1
>> *From:*Scott Neugroschl [mailto:scott_n at xypro.com]
>> *Sent:* Friday, August 12, 2016 3:11 PM
>> *To:* openssl-users at openssl.org
>> *Subject:* [openssl-users] CVE-2016-2177
>> CVE 2016-2177 notes that it applies to all versions up to 1.0.2h.
>> Does this mean that the fix is not applied to the 1.0.1 series (in
>> particular 1.0.1t)?
More information about the openssl-users