[Buildroot] [PATCH 1/1] package/openssl: security bump to version 1.0.2i
Peter Korsgaard
peter at korsgaard.com
Thu Sep 22 19:12:19 UTC 2016
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> https://www.openssl.org/news/secadv/20160922.txt
> Fixes
> SSL_peek() hang on empty record (CVE-2016-6305)
> SWEET32 Mitigation (CVE-2016-2183)
> OOB write in MDC2_Update() (CVE-2016-6303)
> Malformed SHA512 ticket DoS (CVE-2016-6302)
> OOB write in BN_bn2dec() (CVE-2016-2182)
> OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
> Pointer arithmetic undefined behaviour (CVE-2016-2177)
> Constant time flag not preserved in DSA signing (CVE-2016-2178)
> DTLS buffered message DoS (CVE-2016-2179)
> DTLS replay protection DoS (CVE-2016-2181)
> Certificate message OOB reads (CVE-2016-6306)
> Excessive allocation of memory in tls_get_message_header()
> (CVE-2016-6307)
> Excessive allocation of memory in dtls1_preprocess_fragment()
> (CVE-2016-6308)
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list