[Midnightbsd-cvs] src: /src: A double free exists in the SSL client ECDH handling code,
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Tue Nov 30 09:01:02 EST 2010
Log Message:
-----------
A double free exists in the SSL client ECDH handling code, when
processing specially crafted public keys with invalid prime
numbers. [CVE-2010-2939]
Modified Files:
--------------
src:
UPDATING (r1.99 -> r1.100)
(http://cvsweb.midnightbsd.org/src/UPDATING?r1=1.99&r2=1.100)
src/crypto/openssl/ssl:
s3_clnt.c (r1.2 -> r1.3)
(http://cvsweb.midnightbsd.org/src/crypto/openssl/ssl/s3_clnt.c?r1=1.2&r2=1.3)
More information about the Midnightbsd-cvs
mailing list