Bugzilla – Bug 963410
VUL-0: [TRACKERBUG] openssl: 2016-01-28 security releases
Last modified: 2016-02-09 19:28:09 UTC
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html Forthcoming OpenSSL releases ============================ The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2f, 1.0.1r. These releases will be made available on 28th January between approx. 1pm and 5pm (UTC). They will fix two security defects, one of "high" severity affecting 1.0.2 releases, and one "low" severity affecting all releases. Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Please also note that, as per our previous announcements, support for 1.0.0 and 0.9.8 releases ended on 31st December 2015 and are no longer receiving security updates. Support for 1.0.1 will end on 31st December 2016. Yours The OpenSSL Project Team Tracker bug, details received via pre-notifications will be put into separate items. Based on the public pre-notification information: * the highest rating for any SUSE Linux Enterprise product is "low" * the highest rating for any openSUSE stable release is "low" * for openSUSE Tumbleweed the rating is "high"
bugbot adjusting priority
bug 963413 (CVE-2016-0701) SLE not affected, affects openSUSE Tumbleweed only. bug 963415 (CVE-2015-3197) SLE is affected, LOW severity. Will be included in the next available openSSL update.
This is an autogenerated message for OBS integration: This bug (963410) was mentioned in https://build.opensuse.org/request/show/356565 Factory / openssl
This is an autogenerated message for OBS integration: This bug (963410) was mentioned in https://build.opensuse.org/request/show/358362 Factory / openssl