On Mon, Aug 25, 2014 at 02:27:27PM +0530, sandeep umesh wrote:
> Hello users,
> 
> NVD vulnerability database confirms the below link as the patch for
> CVE-2014-5139 -
> 
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0
> 
> This refers to CVE-2014-2970.
> 
> Whereas the commit for CVE-2014-5139 seems to be -
> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=83764a989dcc87fbea337da5f8f86806fe767b7e
> 
> Can someone please confirm the patch for this CVE? Thanks

They are mostly the same, but CVE-2014-2970 should not be used:

CVE-2014-2970
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. 
Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used 
to refer to an unrelated topic that is currently outside the scope of CVE. This 
unrelated topic is a LibreSSL code change adding functionality for certain 
process-bifurcation use cases that might arise in future LibreSSL-based 
applications. There is no CVE ID associated with this LibreSSL code change. As 
of 20140730, CVE-2014-5139 is an undisclosed vulnerability in a different 
product, with ongoing vulnerability coordination that had previously used the 
CVE-2014-2970 ID. 

Ciao, Marcus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
