[Bug 198718] [PATCH] security/libressl: update to 2.1.6, fix vulns and default libtls
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Mar 19 19:47:53 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198718
Bug ID: 198718
Summary: [PATCH] security/libressl: update to 2.1.6, fix vulns
and default libtls
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: vsevolod at FreeBSD.org
Reporter: spil.oss at gmail.com
Flags: maintainer-feedback?(vsevolod at FreeBSD.org)
Assignee: vsevolod at FreeBSD.org
Keywords: patch
Created attachment 154535
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=154535&action=edit
svn diff for security/libressl
LibreSSL has released a next version with fixes for
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Furthermore, the libtls ABI is declared stable and enabled by default. This is
now fixed.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list