Re: [oss-security] Forthcoming OpenSSL Releases
Shawn,

On Thu, 27 Oct 2022 at 02:00, Shawn Webb wrote:
> I don't see anything on the CERT Vince site. Is there any way we could
> coordinate a response via CERT?

This is addressed within the "Prenotification policy" of
https://www.openssl.org/policies/general/security-policy.html

--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
Re: [oss-security] Forthcoming OpenSSL Releases
On Tue, Oct 25, 2022 at 02:54:15PM +0200, Ing. Martin Koci, MBA wrote:
> Hello,
>
> The OpenSSL project team would like to announce the forthcoming release of
> OpenSSL version 3.0.7.
>
> This release will be made available on Tuesday 1st November 2022 between
> 1300-1700 UTC.
>
> OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in
> this release is CRITICAL:

Hey there,

I don't see anything on the CERT Vince site. Is there any way we could coordinate a response via CERT?

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Forthcoming OpenSSL Releases
Hello,

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 3.0.7.

This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC.

OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL:

https://www.openssl.org/policies/general/security-policy.html

Yours
The OpenSSL Project Team
Forthcoming OpenSSL Releases
Hello,

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.6 and 1.1.1r.

These releases will be made available on Tuesday 11th October 2022 between 1300-1700 UTC.

OpenSSL 3.0.6 is a security-fix release. The highest severity issue fixed in OpenSSL 3.0.6 is Low:

https://www.openssl.org/policies/secpolicy.html

OpenSSL 1.1.1 is a bug-fix release. There are no security issues fixed in this release.

Yours
The OpenSSL Project Team
Forthcoming OpenSSL Releases
Hello,

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.4, 1.1.1p.

These releases will be made available on Tuesday 21st June 2022 between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in these releases is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

Yours
The OpenSSL Project Team
Re: Forthcoming OpenSSL Releases
The OpenSSL Project team have decided to postpone the releases of 3.0.3 and 1.1.1o planned for today.

These releases will now be made available on Tuesday 3rd May 2022 between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in these releases is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

Yours
The OpenSSL Project Team

On 19/04/2022 20:51, Matt Caswell wrote:

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.3 and 1.1.1o.

These releases will be made available on Tuesday 26th April 2022 between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in these releases is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

Yours
The OpenSSL Project Team
Forthcoming OpenSSL Releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.3 and 1.1.1o.

These releases will be made available on Tuesday 26th April 2022 between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in these releases is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

Yours
The OpenSSL Project Team
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.2 and 1.1.1n.

These releases will be made available on Tuesday 15th March 2022 between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in these releases is HIGH:

https://www.openssl.org/policies/secpolicy.html#high

Yours
The OpenSSL Project Team
Forthcoming OpenSSL Releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1m and 3.0.1.

These releases will be made available on Tuesday 14th December 2021 between 1300-1700 UTC.

OpenSSL 3.0.1 is a security and bug fix release. The highest severity issue fixed in this release is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

OpenSSL 1.1.1m is a bug fix release. There are no security issues addressed in this release.

Yours
The OpenSSL Project Team
Re: Forthcoming OpenSSL Releases
On 03/09/2019 17:19, Matt Caswell wrote:
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t.
>
> These releases will be made available on 10th September 2019 between
> approximately 1200-1600 UTC.
>
> These are security fix releases. The highest severity security issue fixed by
> these releases is rated as LOW.
>
> Please note that this is expected to be the last release of 1.1.0 before it goes
> out of support on 11th September 2019.

We have encountered some technical problems pushing these releases onto the website today. Until those are resolved the release tarballs are not visible via the standard links. The releases are temporarily available at this non-standard location:

https://www.openssl.org/source/?

You can download them directly from there until such time as we fix the website. We will send out the normal release announcements as soon as everything is working normally again.

Regards

Matt
Forthcoming OpenSSL Releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1d, 1.1.0l and 1.0.2t.

These releases will be made available on 10th September 2019 between approximately 1200-1600 UTC.

These are security fix releases. The highest severity security issue fixed by these releases is rated as LOW.

Please note that this is expected to be the last release of 1.1.0 before it goes out of support on 11th September 2019.

Yours
The OpenSSL Project Team
Re: Forthcoming OpenSSL Releases
On 21/05/2019 16:43, Matt Caswell wrote:
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.
>
> These releases will be made available on 28th May 2019 between approximately
> 1200-1600 UTC.
>
> OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not
> address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the
> equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).

Correction to this announcement:

OpenSSL 1.1.1c and OpenSSL 1.1.0k (released yesterday) do not address any new CVEs. They do however contain a fix for a previously announced low severity CVE (CVE-2019-1543). See the original security advisory here:

https://www.openssl.org/news/secadv/20190306.txt

Matt
Forthcoming OpenSSL Releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.

These releases will be made available on 28th May 2019 between approximately 1200-1600 UTC.

OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not address any CVEs. OpenSSL 1.1.1c is a bug-fix release (and contains the equivalent security hardening fixes as for 1.1.0k and 1.0.2s where relevant).

Yours
The OpenSSL Project Team
Forthcoming OpenSSL Releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1b and 1.0.2r. There will be no new 1.1.0 release at this time.

These releases will be made available on 26th February 2019 between approximately 1300-1700 UTC.

OpenSSL 1.0.2r is a security-fix release. The highest severity issue fixed in this release is MODERATE:

https://www.openssl.org/policies/secpolicy.html#moderate

OpenSSL 1.1.1b is a bug-fix release.

Yours
The OpenSSL Project Team
[openssl-project] Forthcoming OpenSSL Releases
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1a, 1.1.0j and 1.0.2q.

These releases will be made available on 20th November 2018 between approximately 1300-1700 UTC.

These are bug-fix releases. They also contain the fixes for three LOW severity security issues CVE-2018-0735, CVE-2018-0734 and CVE-2018-5407 which were previously announced here:

https://www.openssl.org/news/secadv/20181029.txt
https://www.openssl.org/news/secadv/20181030.txt
https://www.openssl.org/news/secadv/20181112.txt

CVE-2018-0735 only affects the 1.1.0 branch.
CVE-2018-0734 affects the 1.1.1, 1.1.0 and 1.0.2 branches.
CVE-2018-5407 affects the 1.0.2 branch. It also affects older 1.1.0 releases before 1.1.0i.

Yours
The OpenSSL Project Team
Re: [openssl-project] Forthcoming OpenSSL releases
>>>>> Forthcoming OpenSSL releases
>>>>>
>>>>
>>>> I have some RSA hardening fixes in pipeline...
>>>
>>> Do you suggest we wait with a release on that, or can we just put
>>> it in the next release?
>>
>> I should be able to pull it off in before release. What I'm saying is
>> that it would probably be appropriate to review them as they appear.
>
> Is it #6915 you're talking about?

Updates to blinding are coming shortly.
Re: [openssl-project] Forthcoming OpenSSL releases
On Tue, Aug 07, 2018 at 04:52:28PM +0200, Andy Polyakov wrote:
> >>> Forthcoming OpenSSL releases
> >>>
> >>
> >> I have some RSA hardening fixes in pipeline...
> >
> > Do you suggest we wait with a release on that, or can we just put
> > it in the next release?
>
> I should be able to pull it off in before release. What I'm saying is
> that it would probably be appropriate to review them as they appear.

Is it #6915 you're talking about? I'm not sure we're going to be able to properly review that before the releases of 1.0.2 and 1.1.0.

Kurt
Re: [openssl-project] Forthcoming OpenSSL releases
On Tue, Aug 07, 2018 at 04:15:52PM +0200, Andy Polyakov wrote:
> > Forthcoming OpenSSL releases
> >
>
> I have some RSA hardening fixes in pipeline...

Do you suggest we wait with a release on that, or can we just put it in the next release?

Kurt
Re: [openssl-project] Forthcoming OpenSSL releases
>>> Forthcoming OpenSSL releases
>>>
>>
>> I have some RSA hardening fixes in pipeline...
>
> Do you have PR numbers for them?

"in pipeline" kind of means "not yet [but I'll intensify the work to put them out]". In other words it's a pre-heads-up thing...
Re: [openssl-project] Forthcoming OpenSSL releases
On 07/08/18 15:15, Andy Polyakov wrote:
>> Forthcoming OpenSSL releases
>>
>
> I have some RSA hardening fixes in pipeline...

Do you have PR numbers for them?

Matt
Re: [openssl-project] Forthcoming OpenSSL releases
> Forthcoming OpenSSL releases
>

I have some RSA hardening fixes in pipeline...
[openssl-project] Forthcoming OpenSSL releases
Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0i and 1.0.2p.

These releases will be made available on 14th August 2018 between approximately 1200-1600 UTC.

These are bug-fix releases. They also contain the fixes for two LOW severity security issues (CVE-2018-0732 and CVE-2018-0737) which were previously announced here:

https://www.openssl.org/news/secadv/20180612.txt
https://www.openssl.org/news/secadv/20180416.txt

Yours
The OpenSSL Project Team
Re: [openssl-project] Forthcoming OpenSSL releases
This should include the fix to the bug Guido found.

On 3/20/18, 1:18 PM, "Matt Caswell" <m...@openssl.org> wrote:

Forthcoming OpenSSL releases

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0h and 1.0.2o.

These releases will be made available on 27th March 2018 between approximately 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in these releases is MODERATE.

Yours
The OpenSSL Project Team