Navigation:
Browse pkgsrc
(this page)
security openssl
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2012-03-14 15:48:33 by Matthias Scheler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #3702 - requested by taca
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.163
- security/openssl/distinfo 1.86
- security/openssl/patches/patch-asn_mime.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 13 03:11:32 UTC 2012
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-asn_mime.c
Log message:
Update openssl pacakge to 0.9.8u.
Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
[Steve Henson]
*) Fix CVE-2011-4619: make sure we really are receiving a
client hello before rejecting multiple SGC restarts. Thanks to
Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
[Steve Henson]
|
| 2012-03-06 11:29:30 by Matthias Scheler | Files touched by this commit (3) |
Log message: Pullup ticket #3698 - requested by pettai security/openssl: security patch Revisions pulled up: - security/openssl/Makefile 1.162 - security/openssl/distinfo 1.85 - security/openssl/patches/patch-asn_mime.c 1.1 --- Module Name: pkgsrc Committed By: pettai Date: Mon Mar 5 00:26:55 UTC 2012 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-asn_mime.c Log message: Add fix for CVE-2006-7250 |
| 2012-01-19 07:11:49 by Steven Drake | Files touched by this commit (2) |
Log message:
Pullup ticket #3656 - requested by taca
security/openssl security fix
Revisions pulled up:
- security/openssl/Makefile 1.160
- security/openssl/distinfo 1.84
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 00:51:23 UTC 2012
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log message:
Update security/openssl package to 0.9.8t.
OpenSSL CHANGES
_______________
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
|
New packages: