Date: Thu, 19 Mar 2015 19:47:53 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 198718] [PATCH] security/libressl: update to 2.1.6, fix vulns and default libtls Message-ID: <bug-198718-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198718 Bug ID: 198718 Summary: [PATCH] security/libressl: update to 2.1.6, fix vulns and default libtls Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: vsevolod@FreeBSD.org Reporter: spil.oss@gmail.com Flags: maintainer-feedback?(vsevolod@FreeBSD.org) Assignee: vsevolod@FreeBSD.org Keywords: patch Created attachment 154535 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=154535&action=edit svn diff for security/libressl LibreSSL has released a next version with fixes for CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref CVE-2015-0289 - PKCS7 NULL pointer dereferences Furthermore, the libtls ABI is declared stable and enabled by default. This is now fixed. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-198718-13>