OpenSSL 1.1.1k
So what's the fix they put in to address a "high" vuln issue?
https://mta.openssl.org/pipermail/op...ch/000196.html |
From https://github.com/openssl/openssl/b...d#openssl-111:
Quote:
|
Based on previous releases, commits related to vulnerabilities don't appear in the repo until shortly before the release.
https://git.openssl.org/?p=openssl.git&a=search&h=HEAD&st=commit&s=CVE- 1.1.1j tagged at 15:24, CVE commits merged same day 11:32..11:40 1.1.1i tagged at 13:20, CVE commits merged same day 10:16 Since the release time they gave for 1.1.1k is between 13:00 and 17:00 UTC, and it's now 13:30 UTC the commits will likely appear within the next few hours, (but are not there at the time of posting). |
Looks like these two.
CVE-2021-3449 https://nvd.nist.gov/vuln/detail/CVE-2021-3449 https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3449 CVE-2021-3450 https://nvd.nist.gov/vuln/detail/CVE-2021-3450 https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3450 |
All times are GMT -5. The time now is 01:04 PM. |