]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commitdiff
projects / coffee / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 595300f)
openssl: security bump to version 1.0.1i
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Thu, 7 Aug 2014 12:30:43 +0000 (09:30 -0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thu, 7 Aug 2014 20:13:14 +0000 (22:13 +0200)
Fixes:
CVE-2014-3508 - Information leak in pretty printing functions
CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message
CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
CVE-2014-3505 - Double Free when processing DTLS packets
CVE-2014-3506 - DTLS memory exhaustion
CVE-2014-3507 - DTLS memory leak from zero-length fragments
CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
CVE-2014-3511 - OpenSSL TLS protocol downgrade attack
CVE-2014-3512 - SRP buffer overrun

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/openssl/openssl.mk patch | blob | history

diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 7e49a6503e82dfe9724457b28c6113fd6da46d0a..4911034078e54e745deac06acc0bb36d9be8b4aa 100644 (file)
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSL_VERSION = 1.0.1h
+OPENSSL_VERSION = 1.0.1i
 OPENSSL_SITE = http://www.openssl.org/source
 OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE