[simon@FreeBSD.org: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c]
- From: "Simon L. Nielsen" <simon@xxxxxxxxxxx>
- Date: Fri, 19 Oct 2007 00:37:24 +0200
Hey,
RELENG_7 isn't -STABLE yet, so the issue mention in the commit mail
beolow will not get a Security Advisory. This only affects
applications using DTLS, and I doubt there are many of those, but
users should still upgrade to get this fix, just in case.
See the OpenSSL advisory for some more details:
http://www.openssl.org/news/secadv_20071012.txt
If anybody were wondering, and hadn't checked the OpenSSL advisory:
older versions of FreeBSD aren't affected as they have OpenSSL 0.9.7
which isn't affected (it doesn't have DTLS support).
----- Forwarded message from "Simon L. Nielsen" <simon@xxxxxxxxxxx> -----
From: "Simon L. Nielsen" <simon@xxxxxxxxxxx>
Date: Thu, 18 Oct 2007 22:20:04 +0000 (UTC)
To: src-committers@xxxxxxxxxxx, cvs-src@xxxxxxxxxxx, cvs-all@xxxxxxxxxxx
Subject: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h
ssl_err.c
simon 2007-10-18 22:20:04 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c
Log:
MFC: Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
Approved by: re (kensmith)
Revision Changes Path
1.1.1.1.2.1 +533 -605 src/crypto/openssl/ssl/d1_both.c
1.1.1.1.2.1 +3 -4 src/crypto/openssl/ssl/dtls1.h
1.1.1.16.2.1 +1 -0 src/crypto/openssl/ssl/ssl.h
1.1.1.11.2.1 +1 -0 src/crypto/openssl/ssl/ssl_err.c
----- End forwarded message -----
--
Simon L. Nielsen
FreeBSD Deputy Security Officer
Attachment:
pgp0adhUhYNrj.pgp
Description: PGP signature
- Prev by Date: www/drupal4 and www/drupal5: Multiple security vulnerabilities
- Next by Date: FreeBSD 6.2 EoL =~ s/January/May/
- Previous by thread: www/drupal4 and www/drupal5: Multiple security vulnerabilities
- Next by thread: FreeBSD 6.2 EoL =~ s/January/May/
- Index(es):
Relevant Pages
|
|
