Subject: CVS commit: [pkgsrc-2012Q1] pkgsrc/security/openssl
From: Steven Drake
Date: 2012-04-24 09:47:28
Message id: 20120424074728.B50AF175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3755 - requested by taca
security/openssl security update.

Revisions pulled up:
- security/openssl/Makefile                                     1.166
- security/openssl/distinfo                                     1.88

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Apr 24 05:03:49 UTC 2012

   Modified Files:
   	pkgsrc/security/openssl: Makefile distinfo

   Log Message:
   Update openssl package to 0.9.8w.

   Security fix for CVS-2012-2131.

    Changes between 0.9.8v and 0.9.8w [23 Apr 2012]

     *) The fix for CVE-2012-2110 did not take into account that the
        'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
        int in OpenSSL 0.9.8, making it still vulnerable. Fix by
        rejecting negative len parameter. (CVE-2012-2131)
        [Tomas Hoger <thoger@redhat.com>]

Files:
RevisionActionfile
1.164.2.2modifypkgsrc/security/openssl/Makefile
1.86.2.2modifypkgsrc/security/openssl/distinfo