* [Buildroot] [PATCH] openssl: security bump to version 1.0.1i
@ 2014-08-07 12:30 Gustavo Zacarias
2014-08-07 19:07 ` Bernd Kuhls
2014-08-07 20:14 ` Thomas Petazzoni
0 siblings, 2 replies; 3+ messages in thread
From: Gustavo Zacarias @ 2014-08-07 12:30 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2014-3508 - Information leak in pretty printing functions
CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message
CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
CVE-2014-3505 - Double Free when processing DTLS packets
CVE-2014-3506 - DTLS memory exhaustion
CVE-2014-3507 - DTLS memory leak from zero-length fragments
CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
CVE-2014-3511 - OpenSSL TLS protocol downgrade attack
CVE-2014-3512 - SRP buffer overrun
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/openssl/openssl.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 7e49a65..4911034 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENSSL_VERSION = 1.0.1h
+OPENSSL_VERSION = 1.0.1i
OPENSSL_SITE = http://www.openssl.org/source
OPENSSL_LICENSE = OpenSSL or SSLeay
OPENSSL_LICENSE_FILES = LICENSE
--
1.8.5.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] openssl: security bump to version 1.0.1i
2014-08-07 12:30 [Buildroot] [PATCH] openssl: security bump to version 1.0.1i Gustavo Zacarias
@ 2014-08-07 19:07 ` Bernd Kuhls
2014-08-07 20:14 ` Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Bernd Kuhls @ 2014-08-07 19:07 UTC (permalink / raw)
To: buildroot
Gustavo Zacarias <gustavo@zacarias.com.ar> wrote in
news:1407414643-11152-1-git-send-email-gustavo at zacarias.com.ar:
> -OPENSSL_VERSION = 1.0.1h
> +OPENSSL_VERSION = 1.0.1i
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] openssl: security bump to version 1.0.1i
2014-08-07 12:30 [Buildroot] [PATCH] openssl: security bump to version 1.0.1i Gustavo Zacarias
2014-08-07 19:07 ` Bernd Kuhls
@ 2014-08-07 20:14 ` Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2014-08-07 20:14 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Thu, 7 Aug 2014 09:30:43 -0300, Gustavo Zacarias wrote:
> Fixes:
> CVE-2014-3508 - Information leak in pretty printing functions
> CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message
> CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
> CVE-2014-3505 - Double Free when processing DTLS packets
> CVE-2014-3506 - DTLS memory exhaustion
> CVE-2014-3507 - DTLS memory leak from zero-length fragments
> CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
> CVE-2014-3511 - OpenSSL TLS protocol downgrade attack
> CVE-2014-3512 - SRP buffer overrun
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/openssl/openssl.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-08-07 20:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-07 12:30 [Buildroot] [PATCH] openssl: security bump to version 1.0.1i Gustavo Zacarias
2014-08-07 19:07 ` Bernd Kuhls
2014-08-07 20:14 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.