As many people have already noticed and mentioned, s/-13/-31/g in the
CVE numbers assigned as part of the great CVE game.
No, I can't "change the announcement" as I can't go edit the internet
to change public mailing list archives.. The CVE numbers are correct
in the patches and everywhere else t
On Sun, Dec 06, 2015 at 06:04:18AM -0500, Ted Unangst wrote:
> Bob Beck wrote:
> > Fixes have been commited for both CVE-2015-1394 and CVE-2015-1395.
> > CVE-2015-1394 warrants an errata.
>
> > The errata for CVE-2015-1394 is available for OpenBSD 5.8 and OpenBSD
> > 5.7 from the master site as we
Bob Beck wrote:
> Fixes have been commited for both CVE-2015-1394 and CVE-2015-1395.
> CVE-2015-1394 warrants an errata.
> The errata for CVE-2015-1394 is available for OpenBSD 5.8 and OpenBSD
> 5.7 from the master site as well as the mirrors:
To clear up any confusion, the CVE numbers should be
Four new OpenSSL CVE's were released today, which OpenSSL deemed to be
not of sufficient severity to warrant advance disclosure.
OpenBSD/LibreSSL is not vulnerable to two of these CVE
