[Buildroot] [PATCH] openssl: security bump to version 1.0.1j

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH] openssl: security bump to version 1.0.1j
@ 2014-10-16 12:57 Gustavo Zacarias
  2014-10-17  9:32 ` Peter Korsgaard
  0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2014-10-16 12:57 UTC (permalink / raw)
  To: buildroot

Fixes:
CVE-2014-3513 - SRTP memory leak
CVE-2014-3567 - Session ticket memory leak
CVE-2014-3568 - Build option no-ssl3 is incomplete
And adds SSL3 fallback protection against POODLE.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/openssl/openssl.hash | 8 ++++----
 package/openssl/openssl.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
index aa45a76..22b1529 100644
--- a/package/openssl/openssl.hash
+++ b/package/openssl/openssl.hash
@@ -1,4 +1,4 @@
-# From https://www.openssl.org/source/openssl-1.0.1i.tar.gz.md5
-# From https://www.openssl.org/source/openssl-1.0.1i.tar.gz.sha1
-md5	c8dc151a671b9b92ff3e4c118b174972	openssl-1.0.1i.tar.gz
-sha1	74eed314fa2c93006df8d26cd9fc630a101abd76	openssl-1.0.1i.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.1j.tar.gz.md5
+# From https://www.openssl.org/source/openssl-1.0.1j.tar.gz.sha1
+md5	f7175c9cd3c39bb1907ac8bba9df8ed3	openssl-1.0.1j.tar.gz
+sha1	cff86857507624f0ad42d922bb6f77c4f1c2b819	openssl-1.0.1j.tar.gz
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 4911034..7c1c7f0 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSL_VERSION = 1.0.1i
+OPENSSL_VERSION = 1.0.1j
 OPENSSL_SITE = http://www.openssl.org/source
 OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE
-- 
2.0.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [Buildroot] [PATCH] openssl: security bump to version 1.0.1j
  2014-10-16 12:57 [Buildroot] [PATCH] openssl: security bump to version 1.0.1j Gustavo Zacarias
@ 2014-10-17  9:32 ` Peter Korsgaard
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2014-10-17  9:32 UTC (permalink / raw)
  To: buildroot

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 > Fixes:
 > CVE-2014-3513 - SRTP memory leak
 > CVE-2014-3567 - Session ticket memory leak
 > CVE-2014-3568 - Build option no-ssl3 is incomplete
 > And adds SSL3 fallback protection against POODLE.

 > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-10-17  9:32 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-10-16 12:57 [Buildroot] [PATCH] openssl: security bump to version 1.0.1j Gustavo Zacarias
2014-10-17  9:32 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox