[Pkg-openssl-changes] r481 - in openssl/branches: . squeeze/debian squeeze/debian/patches
Kurt Roeckx
kroeckx at alioth.debian.org
Thu Feb 10 19:09:07 UTC 2011
Author: kroeckx
Date: 2011-02-10 19:09:01 +0000 (Thu, 10 Feb 2011)
New Revision: 481
Added:
openssl/branches/squeeze/
openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
Fix OCSP stapling parse error (CVE-2011-0014)
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/tags/0.9.8o-4/debian/changelog 2010-12-14 21:31:35 UTC (rev 476)
+++ openssl/branches/squeeze/debian/changelog 2011-02-10 19:09:01 UTC (rev 481)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-4squeeze1) unstable; urgency=low
+
+ * Fix OCSP stapling parse error (CVE-2011-0014)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 10 Feb 2011 19:06:09 +0100
+
openssl (0.9.8o-4) unstable; urgency=low
* Fix CVE-2010-4180 (Closes: #529221)
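Review bot: the new top entry is versioned "0.9.8o-4squeeze1" and fixes a CVE, yet its first line targets "unstable" with "urgency=low". For an upload built from the squeeze branch, the distribution field should name the suite the package is actually headed for, and the urgency should reflect that this is a security fix. The entry could also say in a few words what the parse error affects, for example that it is in the handling of the status request extension in ssl/t1_lib.c, so that the changelog is useful without opening the patch.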
Added: openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch 2011-02-10 19:09:01 UTC (rev 481)
@@ -0,0 +1,27 @@
+--- a/ssl/t1_lib.c 25 Nov 2010 12:28:28 -0000 1.64.2.17
++++ b/ssl/t1_lib.c 8 Feb 2011 00:00:00 -0000
+@@ -917,6 +917,7 @@
+ }
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
++ size -= 2 + idsize;
+ if (dsize < 0)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+@@ -955,9 +956,14 @@
+ }
+
+ /* Read in request_extensions */
++ if (size < 2)
++ {
++ *al = SSL_AD_DECODE_ERROR;
++ return 0;
++ }
+ n2s(data,dsize);
+ size -= 2;
+- if (dsize > size)
++ if (dsize != size)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+
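Review bot: the added CVE-2011-0014.patch starts directly at "--- a/ssl/t1_lib.c" with no description or origin header, so the file itself records neither where the fix came from nor what it changes. A short header giving the CVE, the upstream source of the change and a one-line summary would make later audits of debian/patches easier. In the second inner hunk, the comparison changes from "dsize > size" to "dsize != size", which now also rejects a request_extensions length smaller than the bytes remaining; a brief comment there stating that the length must account for the rest of the extension exactly would make that intent explicit.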
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/tags/0.9.8o-4/debian/patches/series 2010-12-14 21:31:35 UTC (rev 476)
+++ openssl/branches/squeeze/debian/patches/series 2011-02-10 19:09:01 UTC (rev 481)
@@ -21,3 +21,4 @@
CVE-2010-2939.patch
CVE-2010-3864.patch
CVE-2010-4180.patch
+CVE-2011-0014.patch