Date: Sun, 13 Feb 2011 10:24:36 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/crypto/openssl/ssl t1_lib.c Message-ID: <201102131024.p1DAOo68092852@repoman.freebsd.org>
index | next in thread | raw e-mail
simon 2011-02-13 10:24:36 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
crypto/openssl/ssl t1_lib.c
Log:
SVN rev 218634 on 2011-02-13 10:24:36Z by simon
MFC 218625:
Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could
cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
The very quick MFC is done to get this fix into 7.4 / 8.2.
Discussed with: re
Approved by: so (simon, for "instant" MFC)
Obtained from: OpenSSL CVS
Security: http://www.openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
Revision Changes Path
1.1.1.4.2.2 +7 -1 src/crypto/openssl/ssl/t1_lib.c
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102131024.p1DAOo68092852>