[Buildroot] [PATCH] openssl: security bump to version 1.0.2b

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Fri Jun 12 19:29:39 UTC 2015


Dear Gustavo Zacarias,

On Fri, 12 Jun 2015 08:35:59 -0300, Gustavo Zacarias wrote:
> CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
> CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
> CVE-2015-1788 - Malformed ECParameters causes infinite loop
> CVE-2015-1792 - CMS verify infinite loop with unknown hash function
> CVE-2015-1791 - Race condition handling NewSessionTicket
> 
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> ---
>  ...-match-commands-starting-with-minus-inste.patch | 27 ----------------------
>  package/openssl/openssl.hash                       |  8 +++----
>  package/openssl/openssl.mk                         |  2 +-
>  3 files changed, 5 insertions(+), 32 deletions(-)
>  delete mode 100644 package/openssl/005-Make-c_rehash-match-commands-starting-with-minus-inste.patch

Applied, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com


More information about the buildroot mailing list