Three backports for CVE fixes from master, plus one new fix for the latest CVE (CVE-2014-0160). The latter is not needed for master with Cristiana's upgrade to version 1.0.1g sent out today.
The following changes since commit 590c2135858bb5d0cfc375c0d82ca610550ccd4a: Revert "buildhistory_analysis: fix error when comparing image contents" (2014-04-04 16:16:39 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib paule/openssl-cves http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl-cves Paul Eggleton (1): openssl: backport fix for CVE-2014-0160 Yue Tao (3): Security Advisory - openssl - CVE-2013-4353 Security Advisory - openssl - CVE-2013-6450 Security Advisory - openssl - CVE-2013-6449 ...DTLS-retransmission-from-previous-session.patch | 81 ++++++++++++++ ...or-TLS-record-tampering-bug-CVE-2013-4353.patch | 31 ++++++ ...e-version-in-SSL_METHOD-not-SSL-structure.patch | 33 ++++++ .../openssl/openssl-1.0.1e/CVE-2014-0160.patch | 118 +++++++++++++++++++++ .../recipes-connectivity/openssl/openssl_1.0.1e.bb | 4 + 5 files changed, 267 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch -- 1.9.0 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
