Contributed by pitrh on from the liberal yak shaving dept.
The LibreSSL team has released LibreSSL 2.1.5, which the team characterizes as
relatively small, focused on bug fixes before 2.2.x development begins along-side OpenBSD 5.8.
In what could be a useful test of the LibreSSL project's code cleanup operation, the team notes that
This or earlier LibreSSL releases may also address issues that are to be revealed by The OpenSSL Project Team on the 19th of March, 2015.
The LibreSSL team is not typically apprised of OpenSSL-related security issues in advance. We will address any previously-unknown issues that are found to affect LibreSSL in future releases.
You can read the full announcement here, and it also follows in full after the fold.
UPDATE 2015-03-17 16:20 CET: Bob Beck (beck@) now reports that the OpenSSL project has communicated details of the still-embargoed OpenSSL vulnerabilities to LibreSSL core developers.
From: Brent CookTo: announce@openbsd.org, tech@openbsd.org Subject: LibreSSL 2.1.5 released We have released LibreSSL 2.1.5, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This release is relatively small, focused on bug fixes before 2.2.x development begins along-side OpenBSD 5.8. This or earlier LibreSSL releases may also address issues that are to be revealed by The OpenSSL Project Team on the 19th of March, 2015. The LibreSSL team is not typically apprised of OpenSSL-related security issues in advance. We will address any previously-unknown issues that are found to affect LibreSSL in future releases. Issues addressed since 2.1.4: * Fix incorrect comparison function in openssl(1) certhash command. Thanks to Christian Neukirchen / Void Linux. * Windows port improvements and bug fixes. - Removed a dependency on libgcc in 32-bit dynamic libraries. - Correct a hang in openssl(1) reading from stdin on an connection. - Initialize winsock in openssl(1) earlier, allow 'openssl ocsp' and any other network-related commands to function properly. * Reject all server DH keys smaller than 1024 bits. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
(Comments are closed)