main/openssl/0002-engines-e_padlock-backport-cvs-head-changes.patch · 26dd384585d2182a35bd9450091726b6472b3b24 · alpine / aports

main/openssl: security upgrade to 1.0.1k · 26dd3845

Timo Teräs authored Jan 09, 2015

CVE-2014-3571 DTLS segmentation fault in dtls1_get_record
CVE-2015-0206 DTLS memory leak in dtls1_buffer_record
CVE-2014-3569 no-ssl3 configuration sets method to NULL
CVE-2014-3572 ECDHE silently downgrades to ECDH [Client]
CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client]
CVE-2015-0205 DH client certificates accepted without verification [Server]
CVE-2014-8275 Certificate fingerprints can be modified
CVE-2014-3570 Bignum squaring may produce incorrect results

26dd3845