[arch-dev-public] [signoff] openssl 0.9.8n-1
This is mainly a security update, so please sign off soon. See
http://openssl.org/news/secadv_20100324.txt
The complete changelog:
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
update s->server with a new major version number. As of
- OpenSSL 0.9.8m if 'short' is a 16-bit type,
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
protection is active. (CVE-2010-0740)
[Bodo Moeller, Adam Langley
On 25/03/10 00:35, Pierre Schmitz wrote:
This is mainly a security update, so please sign off soon. See http://openssl.org/news/secadv_20100324.txt
Signoff i686.
On Thu, Mar 25, 2010 at 4:53 AM, Allan McRae
On 25/03/10 00:35, Pierre Schmitz wrote:
This is mainly a security update, so please sign off soon. See http://openssl.org/news/secadv_20100324.txt
Signoff i686.
Signoff x86_64
participants (3)
-
Allan McRae
-
Dan McGee
-
Pierre Schmitz