Subject: CVS commit: src/crypto/dist/openssl
To: None <source-changes@NetBSD.org>
From: Christos Zoulas <christos@netbsd.org>
List: source-changes
Date: 09/29/2006 15:41:08
Module Name:	src
Committed By:	christos
Date:		Fri Sep 29 15:41:08 UTC 2006

Modified Files:
	src/crypto/dist/openssl/crypto/asn1: tasn_dec.c
	src/crypto/dist/openssl/crypto/dh: dh.h dh_err.c dh_key.c
	src/crypto/dist/openssl/crypto/dsa: dsa.h dsa_err.c dsa_ossl.c
	src/crypto/dist/openssl/crypto/rsa: rsa.h rsa_eay.c rsa_err.c
	src/crypto/dist/openssl/ssl: s3_srvr.c ssl_lib.c

Log Message:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows
    remote attackers to cause a denial of service (infinite loop
    and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
    versions allows attackers to cause a denial of service (CPU
    consumption) via certain public keys that require extra time
    to process.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    Buffer overflow in the SSL_get_shared_ciphers function in
    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
    versions has unspecified impact and remote attack vectors
    involving a long list of ciphers.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
    Unspecified vulnerability in the SSLv2 client code in OpenSSL
    0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
    allows remote servers to cause a denial of service (client
    crash) via unknown vectors.


To generate a diff of this commit:
cvs rdiff -r1.4 -r1.5 src/crypto/dist/openssl/crypto/asn1/tasn_dec.c
cvs rdiff -r1.7 -r1.8 src/crypto/dist/openssl/crypto/dh/dh.h
cvs rdiff -r1.1.1.7 -r1.2 src/crypto/dist/openssl/crypto/dh/dh_err.c
cvs rdiff -r1.1.1.8 -r1.2 src/crypto/dist/openssl/crypto/dh/dh_key.c
cvs rdiff -r1.8 -r1.9 src/crypto/dist/openssl/crypto/dsa/dsa.h
cvs rdiff -r1.1.1.5 -r1.2 src/crypto/dist/openssl/crypto/dsa/dsa_err.c
cvs rdiff -r1.6 -r1.7 src/crypto/dist/openssl/crypto/dsa/dsa_ossl.c
cvs rdiff -r1.11 -r1.12 src/crypto/dist/openssl/crypto/rsa/rsa.h
cvs rdiff -r1.8 -r1.9 src/crypto/dist/openssl/crypto/rsa/rsa_eay.c
cvs rdiff -r1.3 -r1.4 src/crypto/dist/openssl/crypto/rsa/rsa_err.c
cvs rdiff -r1.12 -r1.13 src/crypto/dist/openssl/ssl/s3_srvr.c
cvs rdiff -r1.1.1.11 -r1.2 src/crypto/dist/openssl/ssl/ssl_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.