ViewVC Help
| View Changeset | Root Listing
root/src
Jump to revision: Previous Next
Author: laffer1
Date: Tue Sep 9 23:26:28 2014 UTC (9 years, 7 months ago)
Log Message: 
0.4-RELEASE-p14

OpenSSL security patch:

        The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
        to consume large amounts of memory. [CVE-2014-3506]

        The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
        memory. [CVE-2014-3507]

        A flaw in OBJ_obj2txt may cause pretty printing functions such as
        X509_name_oneline, X509_name_print_ex et al. to leak some information from
        the stack. [CVE-2014-3508]

        OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
        a denial of service attack. [CVE-2014-3510]

Changed paths

Path Details
Directorystable/0.4/UPDATING modified , text changed
Directorystable/0.4/crypto/openssl/crypto/asn1/a_object.c modified , text changed
Directorystable/0.4/crypto/openssl/crypto/objects/obj_dat.c modified , text changed
Directorystable/0.4/crypto/openssl/ssl/d1_both.c modified , text changed
Directorystable/0.4/crypto/openssl/ssl/d1_clnt.c modified , text changed
Directorystable/0.4/crypto/openssl/ssl/s23_srvr.c modified , text changed
Directorystable/0.4/crypto/openssl/ssl/s3_clnt.c modified , text changed
Directorystable/0.4/sys/conf/newvers.sh modified , text changed , props changed