CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/03/19 08:01:16
Modified files:
lib/libssl/src/crypto/asn1: Tag: OPENBSD_5_7 a_int.c a_set.c
a_type.c d2i_pr.c d2i_pu.c n_pkey.c
tasn_dec.c x_x509.c
lib/libssl/src/crypto/ec: Tag: OPENBSD_5_7 ec_asn1.c
lib/libssl/src/crypto/pkcs7: Tag: OPENBSD_5_7 pk7_doit.c
pk7_lib.c
lib/libssl/src/crypto/x509: Tag: OPENBSD_5_7 x509_req.c
lib/libssl/src/ssl: Tag: OPENBSD_5_7 d1_lib.c
Log message:
Fix several crash causing defects from OpenSSL.
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
