git.libre-soc.org Git - buildroot.git/commit

author	Bernd Kuhls <bernd.kuhls@t-online.de>
	Thu, 22 Sep 2016 17:16:54 +0000 (19:16 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 22 Sep 2016 19:09:33 +0000 (21:09 +0200)
commit	ba16a7a93edb46db409e51992c265ca7e14c13ff
tree	95f2c1caf7f034bf312c376f55dca352956a3dc7	tree
parent	e79272fa7ff3d66c18de3514b912cd9d68d121a4	commit \| diff

package/openssl: security bump to version 1.0.2i

https://www.openssl.org/news/secadv/20160922.txt

Fixes
SSL_peek() hang on empty record (CVE-2016-6305)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS replay protection DoS (CVE-2016-2181)
Certificate message OOB reads (CVE-2016-6306)
Excessive allocation of memory in tls_get_message_header()
(CVE-2016-6307)
Excessive allocation of memory in dtls1_preprocess_fragment()
(CVE-2016-6308)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openssl/openssl.hash		diff \| blob \| history
package/openssl/openssl.mk		diff \| blob \| history