Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [netbsd-3-0] src/crypto/dist/openssl



Module Name:    src
Committed By:   tron
Date:           Fri Oct  6 11:11:58 UTC 2006

Modified Files:
        src/crypto/dist/openssl/crypto/asn1 [netbsd-3-0]: tasn_dec.c
        src/crypto/dist/openssl/crypto/dh [netbsd-3-0]: dh.h dh_err.c dh_key.c
        src/crypto/dist/openssl/crypto/dsa [netbsd-3-0]: dsa.h dsa_err.c
            dsa_ossl.c
        src/crypto/dist/openssl/crypto/rsa [netbsd-3-0]: rsa.h rsa_eay.c
            rsa_err.c
        src/crypto/dist/openssl/ssl [netbsd-3-0]: s2_clnt.c s3_srvr.c ssl_lib.c

Log Message:
Apply patch (requested by ghen in ticket #1537):
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows
    remote attackers to cause a denial of service (inifnite loop
    and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
    versions allows attackers to cause a denial of service (CPU
    consumption) via certain public keys that require extra time
    to process.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    Buffer overflow in the SSL_get_shared_ciphers function in
    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
    versions has unspecified impact and remote attack vectors
    involving a long list of ciphers.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
    Unspecified vulnerability in the SSLv2 client code in OpenSSL
    0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
    allows remote servers to cause a denial of service (client
    crash) via unknown vectors.


To generate a diff of this commit:
cvs rdiff -r1.2 -r1.2.10.1 src/crypto/dist/openssl/crypto/asn1/tasn_dec.c
cvs rdiff -r1.5 -r1.5.10.1 src/crypto/dist/openssl/crypto/dh/dh.h
cvs rdiff -r1.1.1.4 -r1.1.1.4.10.1 src/crypto/dist/openssl/crypto/dh/dh_err.c
cvs rdiff -r1.1.1.5 -r1.1.1.5.10.1 src/crypto/dist/openssl/crypto/dh/dh_key.c
cvs rdiff -r1.6 -r1.6.10.1 src/crypto/dist/openssl/crypto/dsa/dsa.h
cvs rdiff -r1.1.1.4 -r1.1.1.4.10.1 \
    src/crypto/dist/openssl/crypto/dsa/dsa_err.c
cvs rdiff -r1.4 -r1.4.10.1 src/crypto/dist/openssl/crypto/dsa/dsa_ossl.c
cvs rdiff -r1.6 -r1.6.10.1 src/crypto/dist/openssl/crypto/rsa/rsa.h
cvs rdiff -r1.4 -r1.4.10.1 src/crypto/dist/openssl/crypto/rsa/rsa_eay.c
cvs rdiff -r1.1.1.4 -r1.1.1.4.10.1 \
    src/crypto/dist/openssl/crypto/rsa/rsa_err.c
cvs rdiff -r1.5 -r1.5.10.1 src/crypto/dist/openssl/ssl/s2_clnt.c
cvs rdiff -r1.8 -r1.8.10.1 src/crypto/dist/openssl/ssl/s3_srvr.c
cvs rdiff -r1.1.1.7 -r1.1.1.7.10.1 src/crypto/dist/openssl/ssl/ssl_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index