Precisely the versions as stated in
https://openssl.org/news/secadv_20150709.txt are affected:
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
This issue was reported to OpenSSL on 24th June 2015 by Adam
Langley/David
Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL
project.
In other words, the bug was introduced in 1.0.1n resp. 1.0.2b, which was
roughly a month before it was fixed again.
On 07/21/2015 05:48 PM, Jayalakshmi bhat wrote:
> Hi All,
>
> Does *a**lternative chains certificate forgery** issue* affects the OpenSSL
> stacks earlier than 1.0.1n releases Why I am asking this question is affected
> code seems to be available in earlier versions as well.
>
>
> Thanks and Regards
>
> Jayalakshmi
>
>
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
