[Midnightbsd-cvs] src: /src: A double free exists in the SSL client ECDH handling code,

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Nov 30 09:01:02 EST 2010


Log Message:
-----------
A double free exists in the SSL client ECDH handling code, when
processing specially crafted public keys with invalid prime
numbers. [CVE-2010-2939]

Modified Files:
--------------
    src:
        UPDATING (r1.99 -> r1.100)
        (http://cvsweb.midnightbsd.org/src/UPDATING?r1=1.99&r2=1.100)
    src/crypto/openssl/ssl:
        s3_clnt.c (r1.2 -> r1.3)
        (http://cvsweb.midnightbsd.org/src/crypto/openssl/ssl/s3_clnt.c?r1=1.2&r2=1.3)


More information about the Midnightbsd-cvs mailing list