[arch-dev-public] [signoff] openssl 1.0.0a-3
Hello,

there was a double free issue discovered in openssl. This might be used for remote code injection/execution. See http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html or http://www.heise.de/security/meldung/Schwachstelle-in-OpenSSL-1-0-x-1053085....

I have applied the proposed upstream patch http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs yet though, but at least it should not harm). Of course the test suite is still passed and the mentioned cert no longer crashes openssl.

Please sign off.

Pierre

--
Pierre Schmitz, https://users.archlinux.de/~pierre

On 08/10/2010 02:08 PM, Pierre Schmitz wrote:
> Hello,
>
> there was a double free issue discovered in openssl. This might be used for remote code injection/execution. See http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html or http://www.heise.de/security/meldung/Schwachstelle-in-OpenSSL-1-0-x-1053085....
>
> I have applied the proposed upstream patch http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs yet though, but at least it should not harm). Of course the test suite is still passed and the mentioned cert no longer crashes openssl.
>
> Please sign off.
>
> Pierre

signoff x86_64

--
Ionuț

On 11/08/10 02:22, Ionuț Bîru wrote:
> On 08/10/2010 02:08 PM, Pierre Schmitz wrote:
> > Hello,
> >
> > there was a double free issue discovered in openssl. This might be used for remote code injection/execution. See http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html or http://www.heise.de/security/meldung/Schwachstelle-in-OpenSSL-1-0-x-1053085....
> >
> > I have applied the proposed upstream patch http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs yet though, but at least it should not harm). Of course the test suite is still passed and the mentioned cert no longer crashes openssl.
> >
> > Please sign off.
> >
> > Pierre
>
> signoff x86_64

Signoff i686,
Allan

participants (3)
- Allan McRae
- Ionuț Bîru
- Pierre Schmitz