We’ve just released security updates to OpenSSL 0.9.8, 1.0.0, 1.0.1, and 1.0.2.

These updates fix a number of Moderate and Low severity security issues in OpenSSL. They also fix one new High severity issue, CVE-2015-0291, that affects just OpenSSL 1.0.2, released in January this year. A remote attacker could use this flaw to cause unfixed servers to crash, which could lead to a denial of service attack depending on the server.
At the end of January we completed the OpenSSL code reformat as previously mentioned here and here. This post is intended to give you a bit more insight into exactly what we’ve done.
We have previously announced our intention to reformat the entire codebase into a more consistent style (see our roadmap document here: https://www.openssl.org/policies/roadmap.html).
So I recently asked for help with our website on Twitter. It’s been my most popular tweet. Several people have expressed an interest – thanks for that, and thanks for your support.

The goal of this post is to list the requirements. It’s definitely incomplete and will evolve over time. Post your questions and comments and help refine the list!
Today the OpenSSL project published its Release Strategy. You can read it here. There are some really important announcements discussed in it. I’d like to spend a bit of time talking about the thinking that went into writing this strategy.