Subject: CVS commit: pkgsrc/security/openssl
From: Takahiro Kambe
Date: 2012-04-24 07:03:49
Message id: 20120424050349.85289175DD@cvs.netbsd.org
Log Message:
Update openssl package to 0.9.8w.

Security fix for CVS-2012-2131.

 Changes between 0.9.8v and 0.9.8w [23 Apr 2012]

  *) The fix for CVE-2012-2110 did not take into account that the
     'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
     int in OpenSSL 0.9.8, making it still vulnerable. Fix by
     rejecting negative len parameter. (CVE-2012-2131)
     [Tomas Hoger <thoger@redhat.com>]
Files:
RevisionActionfile
1.166modifypkgsrc/security/openssl/Makefile
1.88modifypkgsrc/security/openssl/distinfo