[Buildroot] [PATCH 1/1] package/openssl: security bump to version 1.0.2i

Peter Korsgaard peter at korsgaard.com
Thu Sep 22 19:12:19 UTC 2016


>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:

 > https://www.openssl.org/news/secadv/20160922.txt
 > Fixes
 > SSL_peek() hang on empty record (CVE-2016-6305)
 > SWEET32 Mitigation (CVE-2016-2183)
 > OOB write in MDC2_Update() (CVE-2016-6303)
 > Malformed SHA512 ticket DoS (CVE-2016-6302)
 > OOB write in BN_bn2dec() (CVE-2016-2182)
 > OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
 > Pointer arithmetic undefined behaviour (CVE-2016-2177)
 > Constant time flag not preserved in DSA signing (CVE-2016-2178)
 > DTLS buffered message DoS (CVE-2016-2179)
 > DTLS replay protection DoS (CVE-2016-2181)
 > Certificate message OOB reads (CVE-2016-6306)
 > Excessive allocation of memory in tls_get_message_header()
 >   (CVE-2016-6307)
 > Excessive allocation of memory in dtls1_preprocess_fragment()
 >   (CVE-2016-6308)

 > Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list