[Buildroot] [PATCH v2] openssl: bump to 1.0.0e
Gustavo Zacarias
gustavo at zacarias.com.ar
Mon Sep 12 21:56:21 UTC 2011
On Wed, 07 Sep 2011 14:25:02 +0200, Yegor Yefremov wrote:
> Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
>
> *) Fix bug where CRLs with nextUpdate in the past are sometimes
> accepted
> by initialising X509_STORE_CTX properly. (CVE-2011-3207)
> [Kaspar Brand <ossl at velox.ch>]
>
> *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
> for multi-threaded use of ECDH. (CVE-2011-3210)
> [Adam Langley (Google)]
>
> *) Fix x509_name_ex_d2i memory leak on bad inputs.
> [Bodo Moeller]
>
> *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and
> check
> signature public key algorithm by using OID xref utilities
> instead.
> Before this you could only use some ECC ciphersuites with SHA1
> only.
> [Steve Henson]
>
> *) Add protection against ECDSA timing attacks as mentioned in the
> paper
> by Billy Bob Brumley and Nicola Tuveri, see:
>
> http://eprint.iacr.org/2011/232.pdf
>
> [Billy Bob Brumley and Nicola Tuveri]
>
> Signed-off-by: Yegor Yefremov <yegorslists at googlemail.com>
Acked-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
More information about the buildroot
mailing list