projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fe95534) | patch
openssl: security bump to version 1.0.1k
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Thu, 8 Jan 2015 19:18:22 +0000 (16:18 -0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thu, 8 Jan 2015 20:16:53 +0000 (21:16 +0100)
commit04f99f96597375245312d6730ab9a09f9b9e90f5
tree61b0dae50f80bbe7a6a2508f0cf0b70eee50cc76tree
parentfe95534bb4989462334c0607d4a1cae8de88b231commit | diff
openssl: security bump to version 1.0.1k

Fixes:
CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
CVE-2015-0206 - DTLS memory leak in dtls1_buffer_record
CVE-2014-3569 - no-ssl3 configuration sets method to NULL
CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA [Client]
CVE-2015-0205 - DH client certificates accepted without verification
[Server]
CVE-2014-8275 - Certificate fingerprints can be modified
CVE-2014-3570 - Bignum squaring may produce incorrect results

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/openssl/openssl.hash diff | blob | history
package/openssl/openssl.mk diff | blob | history