← Back to branch summary

~ubuntu-branches/ubuntu/saucy/openssl/saucy-updates

Viewing all changes in revision 100.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-06-02 14:04:18 UTC
  • Revision ID: package-import@ubuntu.com-20140602140418-dqvnbkq84w1airyw
Tags: 1.0.1e-3ubuntu1.4
* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
  - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
    fragments in ssl/d1_both.c.
  - CVE-2014-0195
* SECURITY UPDATE: denial of service via DTLS recursion flaw
  - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
    recursion in ssl/d1_both.c.
  - CVE-2014-0221
* SECURITY UPDATE: MITM via change cipher spec
  - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
    when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
    ssl/ssl3.h.
  - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
    secrets in ssl/s3_pkt.c.
  - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
    ssl/s3_clnt.c.
  - CVE-2014-0224
* SECURITY UPDATE: denial of service via ECDH null session cert
  - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
    before dereferencing it in ssl/s3_clnt.c.
  - CVE-2014-3470

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: