CVS commit: pkgsrc/security/openssl

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/openssl
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Tue, 24 Apr 2012 05:03:49 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Apr 24 05:03:49 UTC 2012

Modified Files:
        pkgsrc/security/openssl: Makefile distinfo

Log Message:
Update openssl package to 0.9.8w.

Security fix for CVS-2012-2131.

 Changes between 0.9.8v and 0.9.8w [23 Apr 2012]

  *) The fix for CVE-2012-2110 did not take into account that the
     'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
     int in OpenSSL 0.9.8, making it still vulnerable. Fix by
     rejecting negative len parameter. (CVE-2012-2131)
     [Tomas Hoger <thoger%redhat.com@localhost>]


To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: Re: CVS commit: pkgsrc/inputmethod
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index