[Pkg-openssl-changes] r458 - in openssl/trunk/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Thu Aug 26 16:27:30 UTC 2010
Author: kroeckx
Date: 2010-08-26 16:27:22 +0000 (Thu, 26 Aug 2010)
New Revision: 458
Added:
openssl/trunk/debian/patches/CVE-2010-2939.patch
Modified:
openssl/trunk/debian/changelog
openssl/trunk/debian/patches/series
Log:
Fix CVE-2010-2939
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2010-06-06 17:32:38 UTC (rev 457)
+++ openssl/trunk/debian/changelog 2010-08-26 16:27:22 UTC (rev 458)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-2) unstable; urgency=low
+
+ * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 26 Aug 2010 18:25:29 +0200
+
openssl (0.9.8o-1) unstable; urgency=low
* New upstream version
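Review bot: urgency=low on the new 0.9.8o-2 entry looks too low for an upload whose only change is a CVE fix for a double free. Consider urgency=medium or high so the fix is not held back by the default migration delay. The entry could also say that the change is in the client code (ssl/s3_clnt.c), so readers can tell which side of the handshake is affected without opening the patch.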
Added: openssl/trunk/debian/patches/CVE-2010-2939.patch
===================================================================
--- openssl/trunk/debian/patches/CVE-2010-2939.patch (rev 0)
+++ openssl/trunk/debian/patches/CVE-2010-2939.patch 2010-08-26 16:27:22 UTC (rev 458)
@@ -0,0 +1,10 @@
+--- E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c.original Sun Feb 28 01:24:24 2010
++++ E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c Sun Aug 8 14:49:30 2010
+@@ -1508,6 +1508,7 @@
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
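Review bot: the embedded patch header still carries the submitter's absolute Windows paths (E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c) from an openssl-1.0 tree, while the changelog says this package is 0.9.8o. Refresh the patch against the packaged source so the paths are relative (ssl/s3_clnt.c) and the "@@ -1508,6 +1508,7 @@" offsets match what is actually being patched, and add a short description header giving the origin and the bug number (#594415). The change itself, "bn_ctx = NULL;" directly after "BN_CTX_free(bn_ctx);", follows the same free-then-clear pattern already used for ecdh and srvr_ecpoint on the neighbouring lines. Since the changelog calls this a double free, the patch description should state where the second free of bn_ctx happens, because that is not visible from this hunk.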
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2010-06-06 17:32:38 UTC (rev 457)
+++ openssl/trunk/debian/patches/series 2010-08-26 16:27:22 UTC (rev 458)
@@ -18,3 +18,4 @@
stddef.patch
version-script.patch
perl-path.diff
+CVE-2010-2939.patch