[arch-dev-public] [signoff] openssl 1.0.0a-3
ibiru at archlinux.org
Tue Aug 10 12:22:27 EDT 2010
On 08/10/2010 02:08 PM, Pierre Schmitz wrote:
> there was a double free issue discovered in openssl. This might be used
> for remote code injection/execution. See
> I have applied the proposed upstream patch
> http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs
> yet though, but at least it should not harm) Of course the test suite is
> still passed and the mention cert no longer crashes openssl.
> Please sign off.
More information about the arch-dev-public