oss-sec mailing list archives
Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
From: Stuart Henderson <sthen () openbsd org>
Date: Fri, 16 Oct 2015 16:01:20 +0100
On 2015/10/16 12:06, Agostino Sarubbo wrote:
On Thursday 15 October 2015 17:54:16 Qualys Security Advisory wrote:We would like to thank the LibreSSL team for their great work and their incredibly quick response,Are these issues fixed upstream? If yes, is there a release which fixes the issues?
Yes, these releases were made: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.0.6.tar.gz http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.8.tar.gz http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.4.tar.gz
If there isn't a release, do we have the link of the commit/diff?
The fixes are spread over several commits, so the combined diff is probably the easiest place to look: http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
Current thread:
- Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Qualys Security Advisory (Oct 15)
- Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Agostino Sarubbo (Oct 16)
- Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Andreas Stieger (Oct 16)
- Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Stuart Henderson (Oct 16)
- Re: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) Agostino Sarubbo (Oct 16)