Viewing all changes in revision 23.
- Committer: Bazaar Package Importer
- Date: 2008-06-19 14:35:20 UTC
- Revision ID: james.westby@ubuntu.com-20080619143520-e9o7cegvls7ozkz5
* SECURITY UPDATE: fix denial of service when 'Server Key exchange message'
is omitted from a TLS handshake
* ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL
* SECURITY UPDATE: fix denial of service when using tlsext. Note that
this version of openssl does not use tlsext by default.
* ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to
prevent double free.
* References
CVE-2008-1672
CVE-2008-0891
LP: #235913
is omitted from a TLS handshake
* ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL
* SECURITY UPDATE: fix denial of service when using tlsext. Note that
this version of openssl does not use tlsext by default.
* ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to
prevent double free.
* References
CVE-2008-1672
CVE-2008-0891
LP: #235913
- files modified:
- debian/changelog
expand all
collapse all
added
removed
