kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/security/openssl/patches
History
taca 662d52e488 Update openssl package from 0.9.8m to 0.9.8n. 
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

  *) When rejecting SSL/TLS records due to an incorrect version number, never
     update s->server with a new major version number.  As of
     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
     the previous behavior could result in a read attempt at NULL when
     receiving specific incorrect SSL/TLS records once record payload
     protection is active.  (CVE-2010-0740)
     [Bodo Moeller, Adam Langley <agl@chromium.org>]

  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
     could be crashed if the relevant tables were not present (e.g. chrooted).
     [Tomas Hoger <thoger@redhat.com>]
2010-04-12 14:19:17 +00:00
..
patch-aa Update openssl to 0.9.8m. 2010-02-26 03:15:13 +00:00
patch-ac Update openssl to 0.9.8m. 2010-02-26 03:15:13 +00:00
patch-ad
patch-ae
patch-af Update openssl to 0.9.8m. 2010-02-26 03:15:13 +00:00
patch-ag Link shared libraries with -rpath on IRIX to prevent check-shlibs errors. 2008-02-20 01:10:20 +00:00
patch-ak
patch-al