CVSROOT: /cvs
Module name: ports
Changes by: t...@cvs.openbsd.org 2023/10/24 09:24:49
Modified files:
security/openssl/3.1: Makefile distinfo
security/openssl/3.1/pkg: PLIST
Log message:
Update to OpenSSL 3.1.4
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
Let's just say that the names are by far the most fortunate choice made in
the design of these interfaces.
Only one application is known to be affected by this and it's not in ports.
