diff options
| author | Adrien Nader <adrien@notk.org> | 2015-01-09 20:09:50 +0100 |
|---|---|---|
| committer | Adrien Nader <adrien@notk.org> | 2015-01-09 20:09:50 +0100 |
| commit | 205c4743b095b6b946aa480fd123cf565903de99 (patch) | |
| tree | 953d5473d5d50ead5dc9c2f9f82e1d8a7646993c /n/openssl/openssl0/openssl-0.9.8zd.tar.gz.asc | |
| parent | 506c39cf96580a36cdecb054059ab37d8d3fdf65 (diff) | |
Fri Jan 9 17:47:53 UTC 2015
a/openssl-solibs-1.0.1k-x86_64-1.txz: Upgraded.
(* Security fix *)
n/openssl-1.0.1k-x86_64-1.txz: Upgraded.
This update fixes several security issues:
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Certificate fingerprints can be modified (CVE-2014-8275)
Bignum squaring may produce incorrect results (CVE-2014-3570)
For more information, see:
https://www.openssl.org/news/secadv_20150108.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
(* Security fix *)
xap/fluxbox-1.3.6-x86_64-1.txz: Upgraded.
Diffstat (limited to 'n/openssl/openssl0/openssl-0.9.8zd.tar.gz.asc')
| -rw-r--r-- | n/openssl/openssl0/openssl-0.9.8zd.tar.gz.asc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/n/openssl/openssl0/openssl-0.9.8zd.tar.gz.asc b/n/openssl/openssl0/openssl-0.9.8zd.tar.gz.asc new file mode 100644 index 0000000..ae9dcca --- /dev/null +++ b/n/openssl/openssl0/openssl-0.9.8zd.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJUrpVNAAoJENnE0m0OYESRU8gH/1CrBXxPBd5xdixxZfp5g3F1 +6VPUHcnBk/Q8jFeD8LGfsdZ4vAQhsg6hLdCSyNSNbkLOw86ec/lKhMzgnnWGtSXW +N7Pr93PU6mSVd/kEBg0m3JQNNyQbHPT0pkIDgJ2pyofx9ulIGhzGQhOZ5MY69du1 +NKrMGqufwH6K9KZpONnZCp9I3PSWPKDj67M04mmvdHlmrXTXqy6ErtayS57G5+it +YFc1SfFWFz+I/RI470Yw/GI2lklbouxG7XvADLXAqXBw2b8I3HYGag0MVNmRnwpG +D6rjYX2k1Z2X8mghiWTn35YYCmy1qpdZ9YCDrRBhcRiFsLEZ+V+6djo0wXMKXfM= +=wrb0 +-----END PGP SIGNATURE----- |