Thanks, Matt! I did not know that OpenSSL.org is the only organization that creates CVEs for OpenSSL. Thanks for clearing this up for me! Joe ------------------ On 12/01/16 22:43, Joe Flowers wrote: >* Hello OpenSSL Developers, *> > >* I understand through your previous announcements that OpenSSL 0.9.8 is no longer "supported", and no more "security fixes", nor "security updates" will be provided by OpenSSL.org. *> > >* Does this mean that we can expect no more CVEs to be generated or listed for OpenSSL 0.9.8 also? * Not supported means we will no longer being doing work on the 0.9.8 or 1.0.0 branches. This includes any analysis which may lead to a CVE assignment. Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160112/8c9eb57d/attachment.html>
