Theo de Raadt on OpenSSL vulnerabilities coming on...

[cjg_]

It is weird, two of them (CVE-2015-0288 and CVE-2015-0209) are listed here also with links to patches, https://security-tracker.debian.org/tracker/source-package/o... Why have embargo on the vulnerabilities if you publish patches anyway? Which makes me think that the patches has not been committed yet and that the embargoed are different ones than these.

[geeknik]

I found an OpenSSL bug that was assigned CVE-2015-0208 and it is still embargoed near as I can tell.