)]}'
{
  "commit": "33d5ba862939ff8db70a9e36fc9a326fab3e8d98",
  "tree": "2c0acbb1b45c74ba1a74c4a92db78fd311b6292c",
  "parents": [
    "f50ffd10fa08c0762489119a4f36fa86163679ef"
  ],
  "author": {
    "name": "Emilia Kasper",
    "email": "emilia@openssl.org",
    "time": "Mon Dec 01 15:04:02 2014 +0100"
  },
  "committer": {
    "name": "Emilia Kasper",
    "email": "emilia@openssl.org",
    "time": "Fri Dec 05 16:32:39 2014 +0100"
  },
  "message": "Reject elliptic curve lists of odd lengths.\n\nThe Supported Elliptic Curves extension contains a vector of NamedCurves\nof 2 bytes each, so the total length must be even. Accepting odd-length\nlists was observed to lead to a non-exploitable one-byte out-of-bounds\nread in the latest development branches (1.0.2 and master). Released\nversions of OpenSSL are not affected.\n\nThanks to Felix Groebert of the Google Security Team for reporting this issue.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "e0f28d254ba2be11a0b5fae220ff70bee7c2cb31",
      "old_mode": 33188,
      "old_path": "ssl/t1_lib.c",
      "new_id": "c5c8bb95f3a31e81b0be5e2f9737931c62ed3129",
      "new_mode": 33188,
      "new_path": "ssl/t1_lib.c"
    }
  ]
}
