Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=44c2a177f934b6274d8ef0fbd3498540600a481a
commit 44c2a177f934b6274d8ef0fbd3498540600a481a Author: kikadf <kikadf...@gmail.com> Date: Sun Jan 12 17:30:16 2014 +0100 Add FSA for openssl diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index e392e9f..947e8d3 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,21 @@ <fsas> <fsa> + <id>764</id> + <date>2014-01-12</date> + <author>kikadf</author> + <package>openssl</package> + <vulnerable>1.0.1-4</vulnerable> + <unaffected>1.0.1-5arcturus1</unaffected> + <bts></bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450</cve> + <desc>Anton Johansson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. + Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. + In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further information) and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.</desc> + </fsa> + <fsa> <id>763</id> <date>2014-01-12</date> <author>kikadf</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
