[Pkg-openssl-changes] r481 - in openssl/branches: . squeeze/debian squeeze/debian/patches

Kurt Roeckx kroeckx at alioth.debian.org
Thu Feb 10 19:09:07 UTC 2011


Author: kroeckx
Date: 2011-02-10 19:09:01 +0000 (Thu, 10 Feb 2011)
New Revision: 481

Added:
   openssl/branches/squeeze/
   openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch
Modified:
   openssl/branches/squeeze/debian/changelog
   openssl/branches/squeeze/debian/patches/series
Log:
Fix OCSP stapling parse error (CVE-2011-0014)


Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/tags/0.9.8o-4/debian/changelog	2010-12-14 21:31:35 UTC (rev 476)
+++ openssl/branches/squeeze/debian/changelog	2011-02-10 19:09:01 UTC (rev 481)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-4squeeze1) unstable; urgency=low
+
+  * Fix OCSP stapling parse error (CVE-2011-0014)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Thu, 10 Feb 2011 19:06:09 +0100
+
 openssl (0.9.8o-4) unstable; urgency=low
 
   * Fix CVE-2010-4180 (Closes: #529221)
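Review bot: the new changelog entry is on the squeeze branch and carries a squeeze-style version (0.9.8o-4squeeze1), yet its distribution field is `unstable`; for an update to the stable release the target should be the stable security suite (`stable-security`) or `squeeze`, otherwise the upload will not go where this version number says it belongs. Consider also citing the upstream advisory in the entry text, e.g. `* Fix OCSP stapling parse error (CVE-2011-0014)` plus the URL or bug reference that tracks it, so the fix is traceable from the changelog alone.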

Added: openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch	                        (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2011-0014.patch	2011-02-10 19:09:01 UTC (rev 481)
@@ -0,0 +1,27 @@
+--- a/ssl/t1_lib.c	25 Nov 2010 12:28:28 -0000	1.64.2.17
++++ b/ssl/t1_lib.c	8 Feb 2011 00:00:00 -0000
+@@ -917,6 +917,7 @@
+ 						}
+ 					n2s(data, idsize);
+ 					dsize -= 2 + idsize;
++					size -= 2 + idsize;
+ 					if (dsize < 0)
+ 						{
+ 						*al = SSL_AD_DECODE_ERROR;
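Review bot: the added `size -= 2 + idsize;` is what keeps the outer remaining-length counter `size` in step with `dsize` as each responder ID is consumed, but the check right after it only tests `dsize < 0`; nothing in this hunk shows that `size` cannot also go negative here, so either confirm that `dsize` was already bounded by `size` before the loop (not visible in this hunk) or add a parallel `if (size < 0)` check. A one-line comment above the new line explaining that `size` must track the total consumed from the extension would make the later `if (size < 2)` guard easier to understand.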
+@@ -955,9 +956,14 @@
+ 					}
+ 
+ 				/* Read in request_extensions */
++				if (size < 2)
++					{
++					*al = SSL_AD_DECODE_ERROR;
++					return 0;
++					}
+ 				n2s(data,dsize);
+ 				size -= 2;
+-				if (dsize > size) 
++				if (dsize != size)
+ 					{
+ 					*al = SSL_AD_DECODE_ERROR;
+ 					return 0;
+
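Review bot: the `if (size < 2)` guard before `n2s(data,dsize)` is the substantive fix, since without it the two-byte length read can run past the end of the extension; the change from `dsize > size` to `dsize != size` is stricter than needed for safety (it now also rejects trailing bytes after request_extensions), so add a comment stating that request_extensions is the last field and must consume exactly the remainder, or keep `>` if tolerance of trailing data was intended. Separately, this patch file has no DEP-3 header (Description, Origin, Bug-Debian, Applied-Upstream); for a security patch shipped in the squeeze branch please add one so the provenance of the two upstream hunks is recorded.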

Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/tags/0.9.8o-4/debian/patches/series	2010-12-14 21:31:35 UTC (rev 476)
+++ openssl/branches/squeeze/debian/patches/series	2011-02-10 19:09:01 UTC (rev 481)
@@ -21,3 +21,4 @@
 CVE-2010-2939.patch
 CVE-2010-3864.patch
 CVE-2010-4180.patch
+CVE-2011-0014.patch
