cvs commit: src/crypto/openssl/ssl - Imported sources
Simon L. Nielsen
simon at FreeBSD.org
Thu Oct 18 13:19:34 PDT 2007
simon 2007-10-18 20:19:34 UTC
FreeBSD src repository
src/crypto/openssl/ssl - Imported sources
Update of /home/ncvs/src/crypto/openssl/ssl
In directory repoman.freebsd.org:/tmp/cvs-serv960
Log Message:
Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
From the OpenSSL advisory:
Andy Polyakov discovered a flaw in OpenSSL's DTLS
implementation which could lead to the compromise of clients
and servers with DTLS enabled.
DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the
vulnerabilities do not affect SSL and TLS so only clients and
servers explicitly using DTLS are affected.
We believe this flaw will permit remote code execution.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
Status:
Vendor Tag: OPENSSL
Release Tags: b0_9_8-20071018
U src/crypto/openssl/ssl/d1_both.c
U src/crypto/openssl/ssl/dtls1.h
U src/crypto/openssl/ssl/ssl.h
U src/crypto/openssl/ssl/ssl_err.c
No conflicts created by this import
More information about the cvs-src
mailing list