CVS commit: pkgsrc/emulators/suse131_openssl

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/emulators/suse131_openssl
From: "OBATA Akio" <obache%netbsd.org@localhost>
Date: Fri, 6 Jun 2014 09:53:29 +0000

Module Name:    pkgsrc
Committed By:   obache
Date:           Fri Jun  6 09:53:29 UTC 2014

Modified Files:
        pkgsrc/emulators/suse131_openssl: Makefile distinfo

Log Message:
Apply openSUSE-SU-2014:0764-1
openSUSE Security Update: openssl: update to version 1.0.1h

Description:

   The openssl library was updated to version 1.0.1h fixing various security
   issues and bugs:

   Security issues fixed:
   - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
     crafted handshake can force the use of weak keying material in OpenSSL
     SSL/TLS clients and servers.
   - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
     handshake to an OpenSSL DTLS client the code can be made to recurse
     eventually crashing in a DoS attack.
   - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
     overrun attack can be triggered by sending invalid DTLS fragments to an
      OpenSSL DTLS client or server. This is potentially exploitable to run
      arbitrary code on a vulnerable client or server.
   - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
     ciphersuites are subject to a denial of service attack.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/emulators/suse131_openssl/Makefile \
    pkgsrc/emulators/suse131_openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index