Thanks Marcus! Lily -----Original Message----- From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Marcus Meissner Sent: Thursday, August 25, 2016 6:34 PM To: openssl-users at openssl.org Subject: Re: CVE-2016-2108 and openssl 0.9.8zf Hi, to my knowledge older versions are also affected. Ciao, Marcus On Thu, Aug 25, 2016 at 03:10:19AM +0000, Zhang, Lily (USD) wrote: > Hi > > From the openssl website, it mentioned that CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> affected version of Openssl prior to April 2015. > We used openssl 0.98zf in our old product which was released several years ago. > > Do you know if CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> affected version 0.9.8zf? We want to get this info to plan our work. > > Thanks > Lily > > CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> (OpenSSL advisory) <https://www.openssl.org/news/secadv/20160503.txt> [High severity] 3rd May 2016: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc> > This issue affected versions of OpenSSL prior to April 2015. > > CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> (OpenSSL advisory) <https://www.openssl.org/news/secadv/20160503.txt> [High severity] 3rd May 2016: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc> > * Fixed in OpenSSL 1.0.1o (Affected 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) > * Fixed in OpenSSL 1.0.2c (Affected 1.0.2b, 1.0.2a, 1.0.2) > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner at suse.de> -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users