sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity
generic-poky/meta/recipes-connectivity/openssl/openssl-1.0.1e
History
Yue Tao 381c6b8957 openssl: fix for CVE-2010-5298 
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298

(From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)

(From OE-Core rev: 3cc799213e6528fc9fb4a0c40a01a1817484f499)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 		2014-06-10 17:12:24 +01:00
..
debian openssl: update range information in man-section.patch 2013-04-16 12:06:40 +01:00
0001-Fix-DTLS-retransmission-from-previous-session.patch Security Advisory - openssl - CVE-2013-6450 2014-04-09 09:00:40 +01:00
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch Security Advisory - openssl - CVE-2013-4353 2014-04-09 09:00:40 +01:00
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Security Advisory - openssl - CVE-2013-6449 2014-04-09 09:00:40 +01:00
CVE-2014-0160.patch openssl: backport fix for CVE-2014-0160 2014-04-09 09:00:40 +01:00
configure-targets.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
engines-install-in-libdir-ssl.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
find.pl openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
fix-cipher-des-ede3-cfb1.patch openssl: Add fix for cipher des-ede3-cfb1 2013-06-17 16:45:36 +01:00
oe-ldflags.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
openssl-1.0.1e-cve-2014-0195.patch openssl: fix CVE-2014-0195 2014-06-10 17:12:23 +01:00
openssl-1.0.1e-cve-2014-0198.patch openssl: use upstream fix for CVE-2014-0198 2014-06-10 17:12:24 +01:00
openssl-1.0.1e-cve-2014-0221.patch openssl: fix CVE-2014-0221 2014-06-10 17:12:24 +01:00
openssl-1.0.1e-cve-2014-0224.patch openssl: fix CVE-2014-0224 2014-06-10 17:12:24 +01:00
openssl-1.0.1e-cve-2014-3470.patch openssl: fix CVE-2014-3470 2014-06-10 17:12:24 +01:00
openssl-CVE-2010-5298.patch openssl: fix for CVE-2010-5298 2014-06-10 17:12:24 +01:00
openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch openssl: avoid NULL pointer dereference in three places 2013-08-26 11:47:17 +01:00
openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch openssl: avoid NULL pointer dereference in three places 2013-08-26 11:47:17 +01:00
openssl-fix-doc.patch openssl: fix documentation build errors with Perl 5.18 pod2man 2013-05-30 21:10:22 +01:00
openssl-fix-link.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
openssl_fix_for_x32.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
shared-libs.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00