When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.
If you think your have discovered a problem that has security implications then send details to firstname.lastname@example.org
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.
|Date||Advisory||Description||CVE||Affected Versions||Fixed In Versions||Additional Information|
|05-Jun-2014||SECADV_20140605||SSL/TLS MITM vulnerability (and others)||CVE-2014-0224||OpenSSL-0.9.8a-y, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g||OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h||SECADV_20140605|
|07-Apr-2014||SECADV_20140407||TLS heartbeat read overrun||CVE-2014-1060|| OpenSSL-1.0.1a to OpenSSL-1.0.1f