OpenSSL 1.0.2: CVE-2018-5407 PortSmash

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL 1.0.2: CVE-2018-5407 PortSmash

Misaki Miyashita
Hi,

According to the following website:
     https://www.openwall.com/lists/oss-security/2018/11/01/4

OpenSSL <= 1.1.0h is affected.
Does that mean the problem also exist in the OpenSSL 1.0.2 release?

Thank you,

-- misaki
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 1.0.2: CVE-2018-5407 PortSmash

Billy Brumley
Howdy,

> According to the following website:
>      https://www.openwall.com/lists/oss-security/2018/11/01/4
>
> OpenSSL <= 1.1.0h is affected.
> Does that mean the problem also exist in the OpenSSL 1.0.2 release?

Yes, it does. Pending review:

https://github.com/openssl/openssl/pull/7593

BBB
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 1.0.2: CVE-2018-5407 PortSmash

Misaki Miyashita
Thanks for the info and the fix, BBB.

Regards,

-- misaki

On 11/8/2018 6:26 AM, Billy Brumley wrote:

> Howdy,
>
>> According to the following website:
>>       https://www.openwall.com/lists/oss-security/2018/11/01/4
>>
>> OpenSSL <= 1.1.0h is affected.
>> Does that mean the problem also exist in the OpenSSL 1.0.2 release?
> Yes, it does. Pending review:
>
> https://github.com/openssl/openssl/pull/7593
>
> BBB

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users