Thanks for the information Matt. Regards Sandeep From: Matt Caswell <matt@xxxxxxxxxxx> To: openssl-users at openssl.org Date: 04/12/2016 12:44 AM Subject: Re: Need more information on CVE-2016-2842 Sent by: "openssl-users" <openssl-users-bounces at openssl.org> On 11/04/16 19:12, Sandeep Umesh wrote: > Hello > > Can someone please provide more information on CVE-2016-2842? Is this > different from CVE-2016-0799 ? Looks like this CVE information is not > captured in the advisory - > _http://openssl.org/news/secadv/20160301.txt_ > > Also, does this below patch fixes both CVE-2016-2842 and CVE-2016-0799 - > _https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73_ CVE-2016-2842 is an identifier that was not issued by the OpenSSL Project and hence does not appear in the security advisory. The OpenSSL Project assigned CVE-2016-0799 and gave it the description as it appears in the advisory. Another organisation decided to split that into two different CVEs and assigned CVE-2016-2842. Whether you think of it as one CVE or two, the fix is the same, i.e. the commit that you identified fixes both. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160412/54ce2f72/attachment-0001.html>
