ViewVC Help
View Directory | Revision Log | View Changeset | Root Listing
root/src/stable
r7549
File Last Change
 ../
0.1/ 6071 (10 years ago) by laffer1: Move RELENG_0_1 to stable/0.1
0.2/ 6070 (10 years ago) by laffer1: Move RELENG_0_2 to stable/0.2
0.3/ 6069 (10 years ago) by laffer1: Move RELENG_0_3 to stable/0.3
0.4/ 6769 (9 years ago) by laffer1: 0.4-RELEASE-p15 20140916: Fix a security issue with TCP SYN. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.
0.5/ 6994 (9 years ago) by laffer1: 0.5.11 RELEASE Fix two security vulnerabilities: The previous fix for IGMP had an overflow issue. This has been corrected. ipv6: The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the MidnightBSD system. Obtained from: FreeBSD
0.6/ 7336 (8 years ago) by laffer1: In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon.
0.7/ 7546 (8 years ago) by laffer1: OpenSSL security patch The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109]
0.8/ 7549 (8 years ago) by laffer1: fix version check
8 directories and 0 files shown