[Pkg-openssl-changes] r458 - in openssl/trunk/debian: . patches

Kurt Roeckx kroeckx at alioth.debian.org
Thu Aug 26 16:27:30 UTC 2010


Author: kroeckx
Date: 2010-08-26 16:27:22 +0000 (Thu, 26 Aug 2010)
New Revision: 458

Added:
   openssl/trunk/debian/patches/CVE-2010-2939.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/patches/series
Log:
Fix CVE-2010-2939


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2010-06-06 17:32:38 UTC (rev 457)
+++ openssl/trunk/debian/changelog	2010-08-26 16:27:22 UTC (rev 458)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-2) unstable; urgency=low
+
+  * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 26 Aug 2010 18:25:29 +0200
+
 openssl (0.9.8o-1) unstable; urgency=low
 
   * New upstream version
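Review bot: urgency=low on the new 0.9.8o-2 entry looks too low for an upload whose only listed change is a double-free fix carrying a CVE id; consider urgency=medium or high so the fix reaches users sooner. The entry could also name the file touched (ssl/s3_clnt.c, per the patch added in this revision) so the changelog records where the double free was.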

Added: openssl/trunk/debian/patches/CVE-2010-2939.patch
===================================================================
--- openssl/trunk/debian/patches/CVE-2010-2939.patch	                        (rev 0)
+++ openssl/trunk/debian/patches/CVE-2010-2939.patch	2010-08-26 16:27:22 UTC (rev 458)
@@ -0,0 +1,10 @@
+--- E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c.original	Sun Feb 28 01:24:24 2010
++++ E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c	Sun Aug  8 14:49:30 2010
+@@ -1508,6 +1508,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}
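Review bot: The embedded patch header (the inner --- / +++ lines) carries absolute Windows paths from an openssl-1.0 tree, E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c, while this package is 0.9.8o. Rewrite them relative to the source root (for example a/ssl/s3_clnt.c and b/ssl/s3_clnt.c) so applying the patch does not depend on how the tool resolves a path from another machine, and confirm the hunk applies to the 0.9.8o source without fuzz. The patch file also has no description header: add a few lines giving the origin, the bug number (#594415) and which later free of bn_ctx the added bn_ctx = NULL guards against, since that second free is not visible in this context.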

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2010-06-06 17:32:38 UTC (rev 457)
+++ openssl/trunk/debian/patches/series	2010-08-26 16:27:22 UTC (rev 458)
@@ -18,3 +18,4 @@
 stddef.patch
 version-script.patch
 perl-path.diff
+CVE-2010-2939.patch



