Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20151016150120.GD25118@symphytum.spacehopper.org>
Date: Fri, 16 Oct 2015 16:01:20 +0100
From: Stuart Henderson <sthen@...nbsd.org>
To: oss-security@...ts.openwall.com
Cc: Qualys Security Advisory <qsa@...lys.com>
Subject: Re: Qualys Security Advisory - LibreSSL
 (CVE-2015-5333 and CVE-2015-5334)

On 2015/10/16 12:06, Agostino Sarubbo wrote:
> On Thursday 15 October 2015 17:54:16 Qualys Security Advisory wrote:
> > We would like to thank the LibreSSL team for their great work and
> > their incredibly quick response,
> 
> Are these issues fixed upstream?
> If yes, is there a release which fixes the issues?

Yes, these releases were made:

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.6.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.8.tar.gz
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.4.tar.gz

> If there isn't a release, do we have the link of the commit/diff?

The fixes are spread over several commits, so the combined diff is
probably the easiest place to look:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.