The branch master has been updated
via ba98fa477470b023d70a080fad35dd406b573f3f (commit)
via edfd2b0b8980e340b13d288fc373c8ee9b909307 (commit)
from 9d8e43e70514d403e27663b13d06963c5381603b (commit)
- Log -----------------------------------------------------------------
commit ba98fa477470b023d70a080fad35dd406b573f3f
Merge: 9d8e43e edfd2b0
Author: Mark J. Cox <m...@openssl.org>
Date: Fri Jan 3 10:05:39 2020 +0000
Merge pull request #150 from iamamoose/eolstatements
Update the vulnerability XML to also include some statements about EOL
commit edfd2b0b8980e340b13d288fc373c8ee9b909307
Author: Mark J. Cox <m...@awe.com>
Date: Fri Jan 3 09:50:43 2020 +0000
Update the vulnerability XML to also include some statements about EOL
versions
that was we can make it clear on the vulnerability page when things are EOL
-----------------------------------------------------------------------
Summary of changes:
bin/mk-cvepage | 3 +++
news/vulnerabilities.xml | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/bin/mk-cvepage b/bin/mk-cvepage
index 10654b6..83333ab 100755
--- a/bin/mk-cvepage
+++ b/bin/mk-cvepage
@@ -140,6 +140,9 @@ preface += "<p>Show issues fixed only in OpenSSL " + ",
".join(bases)
if options.base:
preface += ", or <a href=\"vulnerabilities.html\">all versions</a>"
preface += "<h2>Fixed in OpenSSL %s</h2>" %(options.base)
+ for statement in dom.getElementsByTagName('statement'):
+ if (statement.getAttribute("base") in options.base):
+ preface += statement.firstChild.data.strip()
preface += "</p>"
if len(allyears)>1: # If only vulns in this year no need for the year table of
contents
preface += "<p><a name=\"toc\">Jump to year: </a>" + ", ".join( "<a
href=\"#y%s\">%s</a>" %(year,year) for year in allyears)
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index de81fa1..0378674 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7336,6 +7336,14 @@ default and not common.</description>
<advisory url="/news/secadv/20140605.txt"/>
</issue>
+ <statement base="0.9.6">OpenSSL 0.9.6 is out of support and no longer
receiving updates.</statement>
+ <statement base="0.9.7">OpenSSL 0.9.7 is out of support and no longer
receiving updates.</statement>
+ <statement base="0.9.8">OpenSSL 0.9.8 is out of support since 1st January
2016 and no longer receiving updates.</statement>
+ <statement base="1.0.0">OpenSSL 1.0.0 is out of support since 1st January
2016 and no longer receiving updates.</statement>
+ <statement base="1.0.1">OpenSSL 1.0.1 is out of support since 1st January
2017 and no longer receiving updates.</statement>
+ <statement base="1.0.2">OpenSSL 1.0.2 is out of support since 1st January
2020 and is no longer receiving updates. Extended support is available from
OpenSSL Software Services for premium support customers</statement>
+ <statement base="1.1.0">OpenSSL 1.1.0 is out of support since 12th September
2019 and no longer receiving updates.</statement>
+
</security>
