Re: git: e0c4386e7e71 - main - OpenSSL: Vendor import of OpenSSL 3.0.13

Herbert J. Skuhra Fri, 02 Feb 2024 16:24:53 -0800

On Fri, Feb 02, 2024 at 09:22:08PM +0000, Cy Schubert wrote:
> The branch main has been updated by cy:
> 
> URL: 
> https://cgit.FreeBSD.org/src/commit/?id=e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6
> 
> commit e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6
> Merge: fbae308319b7 9dd13e84fa8e
> Author:     Cy Schubert <[email protected]>
> AuthorDate: 2024-02-02 21:10:22 +0000
> Commit:     Cy Schubert <[email protected]>
> CommitDate: 2024-02-02 21:21:36 +0000
> 
>     OpenSSL: Vendor import of OpenSSL 3.0.13
>     
>      * Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
>      * Fixed Excessive time spent checking invalid RSA public keys
>        ([CVE-2023-6237])
>      * Fixed POLY1305 MAC implementation corrupting vector registers on
>        PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
>      * Fix excessive time spent in DH check / generation with large Q
>        parameter value ([CVE-2023-5678])
>     
>     Release notes can be found at
>                 https://www.openssl.org/news/openssl-3.0-notes.html.
>     
>     Approved by:    emaste
>     MFC after:      3 days
>     
>     Merge commit '9dd13e84fa8eca8f3462bd55485aa3da8c37f54a'


crypto/openssl/include/openssl/opensslv.h was not updated:

% openssl version
OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023

-- 
Herbert

Re: git: e0c4386e7e71 - main - OpenSSL: Vendor import of OpenSSL 3.0.13

Reply via email to