[arch-dev-public] [signoff] openssl 1.0.0a-3
Ionuț Bîru
ibiru at archlinux.org
Tue Aug 10 12:22:27 EDT 2010
On 08/10/2010 02:08 PM, Pierre Schmitz wrote:
> Hello,
>
> there was a double free issue discovered in openssl. This might be used
> for remote code injection/execution. See
> http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html
> or
> http://www.heise.de/security/meldung/Schwachstelle-in-OpenSSL-1-0-x-1053085.html
>
> I have applied the proposed upstream patch
> http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs
> yet though, but at least it should not harm) Of course the test suite is
> still passed and the mention cert no longer crashes openssl.
>
> Please sign off.
>
> Pierre
>
signoff x86_64
--
Ionuț
More information about the arch-dev-public
mailing list