Date: Thu, 18 Oct 2007 20:19:34 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/crypto/openssl/ssl - Imported sources Message-ID: <200710182019.l9IKJYMO000978@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
simon 2007-10-18 20:19:34 UTC FreeBSD src repository src/crypto/openssl/ssl - Imported sources Update of /home/ncvs/src/crypto/openssl/ssl In directory repoman.freebsd.org:/tmp/cvs-serv960 Log Message: Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. From the OpenSSL advisory: Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected. We believe this flaw will permit remote code execution. Security: CVE-2007-4995 Security: http://www.openssl.org/news/secadv_20071012.txt Status: Vendor Tag: OPENSSL Release Tags: b0_9_8-20071018 U src/crypto/openssl/ssl/d1_both.c U src/crypto/openssl/ssl/dtls1.h U src/crypto/openssl/ssl/ssl.h U src/crypto/openssl/ssl/ssl_err.c No conflicts created by this import
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710182019.l9IKJYMO000978>