summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Geoff Thorpe [Fri, 30 May 2014 23:36:01 +0000 (19:36 -0400)]
End-of-line 'secadv' branch
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Mark J. Cox [Fri, 30 May 2014 12:36:12 +0000 (13:36 +0100)]
Will include roll up of these public things
Mark J. Cox [Fri, 30 May 2014 12:32:33 +0000 (13:32 +0100)]
Fragment ready to add to news/vulnerabilities.xml
Mark J. Cox [Fri, 30 May 2014 12:19:58 +0000 (13:19 +0100)]
Actually next will be 1.0.0m
Mark J. Cox [Thu, 29 May 2014 20:15:06 +0000 (21:15 +0100)]
Note gitdiff for things we won't supply a patch for
Matt Caswell [Thu, 29 May 2014 19:37:17 +0000 (20:37 +0100)]
Fixed typo
Mark J. Cox [Thu, 29 May 2014 18:03:26 +0000 (19:03 +0100)]
For the vendors
Mark J. Cox [Thu, 29 May 2014 17:42:03 +0000 (18:42 +0100)]
Mention when and how we were notified about issues (people always care
about this). Note 0.9.8 which gets one fix
Dr. Stephen Henson [Thu, 29 May 2014 13:51:04 +0000 (14:51 +0100)]
Add CVE-2014-3470
Mark J. Cox [Thu, 29 May 2014 09:40:02 +0000 (10:40 +0100)]
Merge branch 'secadv' of openssl.net:openssl-team-internal into secadv
Mark J. Cox [Thu, 29 May 2014 09:39:23 +0000 (10:39 +0100)]
Add other missing but fixed issue
Mark J. Cox [Wed, 28 May 2014 13:53:22 +0000 (14:53 +0100)]
Add CVE-2014-0198 to the advisory; this is already fixed in git
so we'll pick up the changes (at least for 1.0.1, 1.0.0 we should
double check).
Dr. Stephen Henson [Wed, 28 May 2014 11:47:14 +0000 (12:47 +0100)]
Typo.
Dr. Stephen Henson [Wed, 28 May 2014 11:36:23 +0000 (12:36 +0100)]
Clarify client authentication vulnerability.
Mark J. Cox [Tue, 27 May 2014 12:02:01 +0000 (13:02 +0100)]
Add headsup draft for ops-trust and openssl foundation folks
Mark J. Cox [Tue, 27 May 2014 11:46:51 +0000 (12:46 +0100)]
Update date
Mark J. Cox [Tue, 27 May 2014 11:46:26 +0000 (12:46 +0100)]
Rename for new release date
Dr. Stephen Henson [Fri, 23 May 2014 13:03:21 +0000 (14:03 +0100)]
Mention client auth hijack for earlier servers.
Mark J. Cox [Thu, 22 May 2014 18:59:04 +0000 (19:59 +0100)]
Start on the other issues timelines
Mark J. Cox [Thu, 22 May 2014 18:58:40 +0000 (19:58 +0100)]
Remove things from here that are in the secadv
Mark J. Cox [Thu, 22 May 2014 18:41:29 +0000 (19:41 +0100)]
For lazy press, spell out MITM
Dr. Stephen Henson [Wed, 21 May 2014 13:34:14 +0000 (14:34 +0100)]
Some clarification, add fix credits.
Mark J. Cox [Tue, 13 May 2014 17:58:53 +0000 (18:58 +0100)]
ZDI are the middle men (like CERT) and don't deserve credit from us
Dr. Stephen Henson [Tue, 13 May 2014 17:35:45 +0000 (18:35 +0100)]
Correct URL.
Dr. Stephen Henson [Tue, 13 May 2014 17:33:17 +0000 (18:33 +0100)]
Clarify versions affected, correct credits.
Dr. Stephen Henson [Tue, 13 May 2014 14:08:43 +0000 (15:08 +0100)]
Clarify wording, at some credits.
Dr. Stephen Henson [Tue, 13 May 2014 12:25:20 +0000 (13:25 +0100)]
Initial, incomplete advisory draft.
Mark J. Cox [Sat, 10 May 2014 09:12:53 +0000 (10:12 +0100)]
Cleanups
Mark J. Cox [Fri, 9 May 2014 18:34:35 +0000 (19:34 +0100)]
Add note of hardening discussion
Mark J. Cox [Fri, 9 May 2014 15:31:59 +0000 (16:31 +0100)]
Clarifications:
Mark J. Cox [Fri, 9 May 2014 15:10:06 +0000 (16:10 +0100)]
Two more from April
Mark J. Cox [Fri, 9 May 2014 14:47:23 +0000 (15:47 +0100)]
First pass at stuff-we-need-to-deal-with
Mark J. Cox [Fri, 9 May 2014 14:45:13 +0000 (15:45 +0100)]
Add a file to track any unfixed CVE
Dr. Stephen Henson [Mon, 7 Apr 2014 17:12:25 +0000 (18:12 +0100)]
Update date.
Dr. Stephen Henson [Thu, 3 Apr 2014 14:51:49 +0000 (15:51 +0100)]
Update date, rename file.
Ben Laurie [Tue, 1 Apr 2014 17:07:19 +0000 (18:07 +0100)]
Put back Steve's wording change.
Ben Laurie [Tue, 1 Apr 2014 16:58:17 +0000 (17:58 +0100)]
Clarify language slightly, mention 1.0.2.
Dr. Stephen Henson [Tue, 1 Apr 2014 16:55:13 +0000 (17:55 +0100)]
Provisional date, clarify workaround.
Dr. Stephen Henson [Tue, 1 Apr 2014 16:00:38 +0000 (17:00 +0100)]
Add CVE and workaround.
Dr. Stephen Henson [Tue, 1 Apr 2014 15:55:52 +0000 (16:55 +0100)]
Initial heartbeat advisory.
Dr. Stephen Henson [Tue, 1 Apr 2014 15:54:51 +0000 (16:54 +0100)]
Branch description.