[packages/openssl102: 418/432] OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes
adwol
adwol at pld-linux.org
Sat Sep 29 01:36:41 CEST 2018
commit 02ab0068b02e3708f828e319dbb5eb7abaa9e067
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Thu Sep 22 20:58:56 2016 +0300
OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes
- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SWEET32 Mitigation (CVE-2016-2183)
- OOB write in MDC2_Update() (CVE-2016-6303)
- Malformed SHA512 ticket DoS (CVE-2016-6302)
- OOB write in BN_bn2dec() (CVE-2016-2182)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
- Pointer arithmetic undefined behaviour (CVE-2016-2177)
- Constant time flag not preserved in DSA signing (CVE-2016-2178)
- DTLS buffered message DoS (CVE-2016-2179)
- DTLS replay protection DoS (CVE-2016-2181)
- Certificate message OOB reads (CVE-2016-6306)
https://www.openssl.org/news/openssl-1.0.2-notes.html
openssl.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/openssl.spec b/openssl.spec
index 23ccce1..0d140d6 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -30,7 +30,7 @@ License: Apache-like
Group: Libraries
%if %{without snap}
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 9392e65072ce4b614c1392eefc1f23d0
+# Source0-md5: 678374e63f8df456a697d3e5e5a931fb
%else
Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable/%{name}-%{version}-dev.tar.gz
%endif
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssl102.git/commitdiff/9fc1b1b87b259e8a327c99835865e91a391efc9e
More information about the pld-cvs-commit
mailing list