Re: OpenSSL 1.0.2: CVE-2018-0735

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Nov 06, 2018 at 04:19:36PM -0600, Misaki Miyashita wrote:
> Hi,
> 
> According to the vulnerabilities website[1], OpenSSL 1.1.i and earlier and
> 1.1.1 are affected by CVE-2018-0735.
> Is it safe to assume that OpenSSL 1.0.2 is not affected by the CVE?

My understanding is that the code was not present in 1.0.2. To
address CVE-2018-5407, that code was backported to 1.0.2, but the
fixed version was used.


Kurt

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux