On 16/08/16 03:37, Jakob Bohm wrote: > Just to clarify for anyone searching the archives in the future: > > Is that commit included in release 1.0.1t or not? No, its not yet in an official release. It will be included in the next 1.0.1 release - whenever that is. Matt > > (I could probably dig it up myself, but I am not an authoritative > source on the matter, so not good enough for future readers). > > On 12/08/2016 21:20, Salz, Rich wrote: >> >> Commit 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 in 1.0.1 >> >> *From:*Scott Neugroschl [mailto:scott_n at xypro.com] >> *Sent:* Friday, August 12, 2016 3:11 PM >> *To:* openssl-users at openssl.org >> *Subject:* [openssl-users] CVE-2016-2177 >> >> CVE 2016-2177 notes that it applies to all versions up to 1.0.2h. >> Does this mean that the fix is not applied to the 1.0.1 series (in >> particular 1.0.1t)? >> > Enjoy > > Jakob
