There is no test.  That fix can be applied.  1.0.0 is really old and 
unsupported, you should upgrade as soon as possible

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz

From: siva gopi raju kudeti [mailto:sivagopi...@gmail.com]
Sent: Thursday, August 11, 2016 6:18 AM
To: openssl-users@openssl.org
Subject: [openssl-users] CVE-2016-2180

Hi OpenSSL team,

I am using openssl-1.0.0e in my product. Here i want to know that OpenSSL is 
CVE-2016-2180 vulnerable or not.

https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a?diff=unified<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_commit_0ed26acce328ec16a3aa635f1ca37365e8c7403a-3Fdiff-3Dunified&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=in2joLu6jqlNBitsxFg73ZYSusePN_RJE6MXrjGwKJg&s=W9JT-cCKBKFVciZY8f7i6G3Z_47-U5_cKWMHpuEeekE&e=>

In this page showing some modifications to the function TS_OBJ_print_bio. Is 
these changes are fix this vulnerability?

Here i don't know how to test this vulnerability.

Can you please provide me with the test process or ant other information about 
this vulnerability to go further.

I will wait for your reply.

best regards,
Gopi.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to