Difference between revisions of "Security Advisories"
m (correct linked page name) |
m (Added OSS Security mailing list for advanced notice to vendors.) |
||
Line 2: | Line 2: | ||
These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]. | These are announced to the [http://www.mail-archive.com/openssl-announce@openssl.org/ openssl-announce] mailing list and generally also copied to the [http://www.mail-archive.com/openssl-users@openssl.org/ openssl-users] and [http://www.mail-archive.com/openssl-dev@openssl.org/ openssl-dev] mailing lists and noted in the official [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]. | ||
+ | |||
+ | If you would like advanced notice of vulnerabilities before they are released to the general public, then please join [http://oss-security.openwall.org/wiki/mailing-lists/distros Operating system distribution security contact lists] at OpenWall's OSS Security. | ||
If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org] | If you think your have discovered a problem that has security implications then send details to [mailto:openssl-security@openssl.org openssl-security@openssl.org] |
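Review bot: the added sentence addresses every reader ("If you would like advanced notice ...") while the edit summary says the list is for vendors, so the text should name its audience, for example "Vendors who need advance notice of vulnerabilities before public release can join ...". "advanced notice" should read "advance notice" in the same sentence. The unchanged line that follows still has "If you think your have discovered", where "your" should be "you"; it is worth fixing in the same revision.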
Revision as of 03:41, 6 June 2014
When serious security problems in OpenSSL are discovered and corrected, the OpenSSL project issues a security advisory, describing the problem and containing a pointer to the fix.
These are announced to the openssl-announce mailing list and generally also copied to the openssl-users and openssl-dev mailing lists and noted in the official OpenSSL Vulnerabilities List.
If you would like advance notice of vulnerabilities before they are released to the general public, then please join the Operating system distribution security contact lists at OpenWall's OSS Security.
If you think you have discovered a problem that has security implications, then send details to openssl-security@openssl.org.
The list below contains references where there is additional information on an issue which may assist OpenSSL users in understanding or responding to an issue.
Date | Advisory | Description | CVE | Affected Versions | Fixed In Versions | Additional Information |
---|---|---|---|---|---|---|
05-Jun-2014 | SECADV_20140605 | SSL/TLS MITM vulnerability (and others) | CVE-2014-0224 | OpenSSL-0.9.8a-z, OpenSSL-1.0.0a-l, OpenSSL-1.0.1a-g | OpenSSL-0.9.8za, OpenSSL-1.0.0m, OpenSSL-1.0.1h | SECADV_20140605 |
07-Apr-2014 | SECADV_20140407 | TLS heartbeat read overrun | CVE-2014-1060 | OpenSSL-1.0.1a to OpenSSL-1.0.1f, OpenSSL-1.0.2 betas | OpenSSL-1.0.1g, OpenSSL-1.0.2-beta2 | SECADV_20140407 |