On Thu, Sep 22, Anton Aylward wrote:
On 09/22/2016 12:02 PM, Michael Fischer wrote:
OCSP Status Request extension unbounded memory growth (CVE-2016-6304) =====================================================================
Severity: High
A malicious client can send an excessively large OCSP Status Request extension.
.... </quote>
But don't deliberately go out there and cause confusion and invite malware. You may end up being that 'trusted correspondent' who actually has their account hacked.
Sorry... I don't get your reply. I was asking (mainly the SuSE folks on the list) if they expect patches out soon for any of the vulnerabilities mentioned in the advisory, or if SuSE's builds of openssl are not subject to those CVEs. Thanks. Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org