Reviewed and Tested by Robert Yang <[email protected]>

// Robert

On 04/09/2014 02:15 AM, Paul Eggleton wrote:
Three backports for CVE fixes from master, plus one new fix for the
latest CVE (CVE-2014-0160). The latter is not needed for master with
Cristiana's upgrade to version 1.0.1g sent out today.


The following changes since commit 590c2135858bb5d0cfc375c0d82ca610550ccd4a:

   Revert "buildhistory_analysis: fix error when comparing image contents" 
(2014-04-04 16:16:39 +0100)

are available in the git repository at:

   git://git.openembedded.org/openembedded-core-contrib paule/openssl-cves
   
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl-cves

Paul Eggleton (1):
   openssl: backport fix for CVE-2014-0160

Yue Tao (3):
   Security Advisory - openssl - CVE-2013-4353
   Security Advisory - openssl - CVE-2013-6450
   Security Advisory - openssl - CVE-2013-6449

  ...DTLS-retransmission-from-previous-session.patch |  81 ++++++++++++++
  ...or-TLS-record-tampering-bug-CVE-2013-4353.patch |  31 ++++++
  ...e-version-in-SSL_METHOD-not-SSL-structure.patch |  33 ++++++
  .../openssl/openssl-1.0.1e/CVE-2014-0160.patch     | 118 +++++++++++++++++++++
  .../recipes-connectivity/openssl/openssl_1.0.1e.bb |   4 +
  5 files changed, 267 insertions(+)
  create mode 100644 
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
  create mode 100644 
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
  create mode 100644 
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
  create mode 100644 
meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch

--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to