openssl: Missing CRL sanity check (CVE-2016-7052)
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
OpenSSL 1.0.2i users should upgrade to 1.0.2j
Reference:
https://www.openssl.org/news/secadv/20160926.txt
(from redmine: issue id 6240, created on 2016-09-28, closed on 2016-10-18)
- Relations:
- child #6241 (closed)
- child #6242 (closed)
- child #6243 (closed)