Need more information on CVE-2016-2842

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the information Matt.

Regards
Sandeep




From:   Matt Caswell <matt@xxxxxxxxxxx>
To:     openssl-users at openssl.org
Date:   04/12/2016 12:44 AM
Subject:        Re: Need more information on CVE-2016-2842
Sent by:        "openssl-users" <openssl-users-bounces at openssl.org>





On 11/04/16 19:12, Sandeep Umesh wrote:
> Hello
> 
> Can someone please provide more information on CVE-2016-2842? Is this
> different from CVE-2016-0799 ? Looks like this CVE information is not
> captured in the advisory -
> _http://openssl.org/news/secadv/20160301.txt_
> 
> Also, does this below patch fixes both CVE-2016-2842 and CVE-2016-0799 -
> 
_https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73_


CVE-2016-2842 is an identifier that was not issued by the OpenSSL
Project and hence does not appear in the security advisory. The OpenSSL
Project assigned CVE-2016-0799 and gave it the description as it appears
in the advisory. Another organisation decided to split that into two
different CVEs and assigned CVE-2016-2842. Whether you think of it as
one CVE or two, the fix is the same, i.e. the commit that you identified
fixes both.

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160412/54ce2f72/attachment-0001.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux