mgdm · July 9, 2015 12:51
diff --git a/gistfile1.txt b/gistfile1.txt
 OpenSSL Security Advisory [9 Jul 2015]
 =======================================

 Alternative chains certificate forgery (CVE-2015-1793)
 ======================================================

 Severity: High

 During certificate verification, OpenSSL (starting from version 1.0.1n and
 1.0.2b) will attempt to find an alternative certificate chain if the first
 attempt to build such a chain fails. An error in the implementation of this
 logic can mean that an attacker could cause certain checks on untrusted
 certificates to be bypassed, such as the CA flag, enabling them to use a valid
 leaf certificate to act as a CA and "issue" an invalid certificate.

 This issue will impact any application that verifies certificates including
 SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

 This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

 OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
 OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

 This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
 Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

 Note
 ====

 As per our previous announcements and our Release Strategy
 (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
 releases will be provided after that date. Users of these releases are advised
 to upgrade.

 References
 ==========

 URL for this Security Advisory:
 https://www.openssl.org/news/secadv_20150709.txt

 Note: the online version of the advisory may be updated with additional
 details over time.

 For details of OpenSSL severity classifications please see:
 https://www.openssl.org/about/secpolicy.html
	OpenSSL Security Advisory [9 Jul 2015]
	=======================================

	Alternative chains certificate forgery (CVE-2015-1793)
	======================================================

	Severity: High

	During certificate verification, OpenSSL (starting from version 1.0.1n and
	1.0.2b) will attempt to find an alternative certificate chain if the first
	attempt to build such a chain fails. An error in the implementation of this
	logic can mean that an attacker could cause certain checks on untrusted
	certificates to be bypassed, such as the CA flag, enabling them to use a valid
	leaf certificate to act as a CA and "issue" an invalid certificate.

	This issue will impact any application that verifies certificates including
	SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

	This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

	OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
	OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

	This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David
	Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

	Note
	====

	As per our previous announcements and our Release Strategy
	(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
	1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
	releases will be provided after that date. Users of these releases are advised
	to upgrade.

	References
	==========

	URL for this Security Advisory:
	https://www.openssl.org/news/secadv_20150709.txt

	Note: the online version of the advisory may be updated with additional
	details over time.

	For details of OpenSSL severity classifications please see:
	https://www.openssl.org/about/secpolicy.html