

OpenSSL 1.0.2 ClientHello Sigalgs DoS (CVE-2015-0291) - buro9
https://www.openssl.org/news/secadv_20150319.txt

======
mukyu
Wasn't loading for me:
[http://pastebin.com/raw.php?i=Qq6SFiDF](http://pastebin.com/raw.php?i=Qq6SFiDF)

changelog:
[http://pastebin.com/raw.php?i=zeuMLdS1](http://pastebin.com/raw.php?i=zeuMLdS1)

~~~
sp332
Your comment on the other thread is dead because it's a dupe of this one.
Delete that one, and make a new comment with slightly different text.

~~~
mukyu
.. really? Someone else already linked a mirror so I don't need to bother, but
I never would have known if you didn't tell me.

That seems like a bit of an over-zealous heuristic for spam. Also, it seems
silly to have two different threads just because one URL has https in the
first place.

~~~
sp332
Yeah, it's even labeled [dupe]. I don't think it's for spam, it's just for
double-posting.

------
cremno
The commit that fixes CVE-2015-0291:
[https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h...](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34e3edbf3a10953cb407288101fd56a629af22f9;hp=09f06923e636019c39c807cb59c481375e720556)

