CVS commit: src/crypto/dist/openssl/ssl

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/crypto/dist/openssl/ssl
From: Tonnerre Lombard <tonnerre%netbsd.org@localhost>
Date: Thu, 5 Jun 2008 15:30:11 +0000 (UTC)

Module Name:    src
Committed By:   tonnerre
Date:           Thu Jun  5 15:30:11 UTC 2008

Modified Files:
        src/crypto/dist/openssl/ssl: s3_clnt.c t1_lib.c

Log Message:
Fix two Denial of Service vulnerabilities in OpenSSL:
 - Fix flaw if server key exchange message is omitted from a TLS handshake
   which could lead to a silent crash.
 - Fix double free in TLS server name extensions which could lead to a
   remote crash.

Fixes CVE-2008-1672.


To generate a diff of this commit:
cvs rdiff -r1.11 -r1.12 src/crypto/dist/openssl/ssl/s3_clnt.c
cvs rdiff -r1.1.1.5 -r1.2 src/crypto/dist/openssl/ssl/t1_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/rump/librump/rumpkern
Next by Date: CVS commit: src/sys/dev/pci
Previous by Thread: CVS commit: src/sys/rump/librump/rumpkern
Next by Thread: CVS commit: src/sys/dev/pci
Indexes:

Home | Main Index | Thread Index | Old Index