openssl / web

www.openssl.org

Links to OpenSSL security advisories are broken #493

Closed davidben closed 2 weeks ago

davidben commented 1 month ago

OpenSSL advisories used to be available at https://www.openssl.org/news/secadv/20240627.txt. These URLs are archived everywhere, from emails, CVE trackers, and no doubt countless other sources.

OpenSSL's recent restructuring seems to have broken all of these links.

Not only that, the new vulnerabilities page links to URLs like https://openssl-library.org/news/vulnerabilities/secadv/20240627.txt. Those URLs are also broken.

t-j-h commented 1 month ago

Both issues are being worked on now to resolve - thanks for noting the problem.

t-j-h commented 1 month ago

The original files of the form https://www.openssl.org/news/secadv/20240627.txt are all accessible now (only the 2024 files were missing from the conversion of the website and that has been fixed). The incorrect links on the vulnerabilities page have been updated.

Thanks for pointing out the issue - we are working through a range of missing redirects and broken links as quickly as we can.

vavroch2010 commented 1 month ago

This has been fixed. Thanks for reporting. Please check.

pombredanne commented 2 weeks ago

Thank you! Note there is no directory listing at https://openssl-library.org/news/secadv/ so no way to discover a list. See also https://github.com/openssl/web/issues/483

pombredanne commented 2 weeks ago

https://openssl.org/news/secjson/CVE-2002-0659.json does not redirect to https://openssl-library.org/news/secjson/CVE-2002-0659.json and https://openssl-library.org/news/secjson/ has no directory listing either.

t8m commented 2 weeks ago

@vavroch2010 @quarckster ^

pombredanne commented 2 weeks ago

Do you need help to fix these issues? Would you accept patches?

In which git can I find the data files for these advisories and where is the code for the web site?

t8m commented 2 weeks ago

Unfortunately the new web repository is currently not public.

pombredanne commented 2 weeks ago

@t8m Thanks for the quick reply! Any reason for public data not being public? It feels kinda weird :nerd_face:

pombredanne commented 2 weeks ago

@t8m related to #483 does this mean that the only way to collect your vulnerability data is now to scrape the web page at https://openssl-library.org/news/vulnerabilities/index.html ?

Also: https://openssl-library.org/news/secjson/CVE-2024-5535.json does not exist but https://openssl-library.org/news/secjson/CVE-2002-0659.json does, so it seems that the JSON is not consistently present.

quarckster commented 2 weeks ago

> Unfortunately the new web repository is currently not public.

I will take care of it

quarckster commented 2 weeks ago

I fixed the redirects. As for the directory listing, it will take more time to implement.

quarckster commented 2 weeks ago

> https://openssl.org/news/secjson/CVE-2002-0659.json does not redirect to https://openssl-library.org/news/secjson/CVE-2002-0659.json and https://openssl-library.org/news/secjson/ has no directory listing either.

It should be fixed now