File
|
Last Change |
|---|---|
branches/
|
6420 (10 years ago) by laffer1: branch moved |
|
release/
|
6957 (9 years ago) by laffer1: 0.5.7 RELEASE Fix a security issue with file and libmagic that can allow an attacker to create a denial of service attack on any program that uses libmagic. |
|
stable/
|
6961 (9 years ago) by laffer1: 0.5.8 RELEASE Fix several security issues with OpenSSL. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. [CVE-2014-3571] A memory leak can occur in the dtls1_buffer_record function under certain conditions. [CVE-2015-0206] When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. [CVE-2014-3569] An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. [CVE-2014-3572] An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. [CVE-2015-0204] An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. [CVE-2015-0205] OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275] Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570] |
|
svnadmin/
|
6424 (10 years ago) by laffer1: set props |
|
trunk/
|
6960 (9 years ago) by laffer1: happy new year |
|
vendor/
|
6931 (9 years ago) by laffer1: tag tzdata 2014i |
|
vendor-crypto/
|
6896 (9 years ago) by laffer1: tag 0.9.8zc |