[arch-dev-public] [signoff] openssl 1.0.0a-3
Allan McRae
allan at archlinux.org
Thu Aug 12 02:16:30 EDT 2010
On 11/08/10 02:22, Ionuț Bîru wrote:
> On 08/10/2010 02:08 PM, Pierre Schmitz wrote:
>> Hello,
>>
>> there was a double free issue discovered in openssl. This might be used
>> for remote code injection/execution. See
>> http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html
>> or
>> http://www.heise.de/security/meldung/Schwachstelle-in-OpenSSL-1-0-x-1053085.html
>>
>>
>> I have applied the proposed upstream patch
>> http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs
>> yet though, but at least it should not harm) Of course the test suite is
>> still passed and the mention cert no longer crashes openssl.
>>
>> Please sign off.
>>
>> Pierre
>>
>
> signoff x86_64
>
Signoff i686,
Allan
More information about the arch-dev-public
mailing list