CVS: cvs.openbsd.org: src

Ted Unangst Thu, 19 Mar 2015 07:05:24 -0700

CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2015/03/19 08:02:23


Modified files:
        lib/libssl/src/crypto/asn1: Tag: OPENBSD_5_6 a_int.c a_set.c 
                                    a_type.c d2i_pr.c d2i_pu.c n_pkey.c 
                                    tasn_dec.c x_x509.c 
        lib/libssl/src/crypto/ec: Tag: OPENBSD_5_6 ec_asn1.c 
        lib/libssl/src/crypto/pkcs7: Tag: OPENBSD_5_6 pk7_doit.c 
                                     pk7_lib.c 
        lib/libssl/src/crypto/x509: Tag: OPENBSD_5_6 x509_req.c 
        lib/libssl/src/ssl: Tag: OPENBSD_5_6 d1_lib.c 

Log message:
Fix several crash causing defects from OpenSSL.
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
CVE-2015-0289 - PKCS7 NULL pointer dereferences

Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt

joint work with beck, doug, guenther, jsing, miod

CVS: cvs.openbsd.org: src

Reply via email to