[Buildroot] [PATCH] openssl: security bump to version 1.0.1i
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Thu Aug 7 20:14:51 UTC 2014
Dear Gustavo Zacarias,
On Thu, 7 Aug 2014 09:30:43 -0300, Gustavo Zacarias wrote:
> Fixes:
> CVE-2014-3508 - Information leak in pretty printing functions
> CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message
> CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
> CVE-2014-3505 - Double Free when processing DTLS packets
> CVE-2014-3506 - DTLS memory exhaustion
> CVE-2014-3507 - DTLS memory leak from zero-length fragments
> CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
> CVE-2014-3511 - OpenSSL TLS protocol downgrade attack
> CVE-2014-3512 - SRP buffer overrun
>
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> ---
> package/openssl/openssl.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list