[meego-commits] 7252: Changes to MeeGo:1.0:Core:Update:Testing/openssl
Passion Zhao
no_reply at build.meego.com
Thu Sep 2 09:15:37 UTC 2010
Hi,
I have made the following changes to openssl in project MeeGo:1.0:Core:Update:Testing. Please review and accept ASAP.
Thank You,
Passion Zhao
[This message was auto-generated]
---
Request #7252:
submit: home:qzhao9:branches:MeeGo:1.0:Core:Update:Testing/openssl(r3)(cleanup) -> MeeGo:1.0:Core:Update:Testing/openssl
Message:
Address BMC#5668 CVE-2010-2939: Double free vulnerability in the ssl3_get_key_exchange
State: new 2010-09-02T02:15:36 qzhao9
Comment: None
changes files:
--------------
--- openssl.changes
+++ openssl.changes
@@ -0,0 +1,3 @@
+* Thu Sep 2 2010 Passion Zhao <passion.zhao at intel.com> - 0.9.8m-3
+- Address BMC#5668 CVE-2010-2939: Double free vulnerability in the ssl3_get_key_exchange
+
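Review bot: the changelog entry is versioned 0.9.8m-3, but neither of the two openssl.spec hunks in this request touches a Release line, so confirm that the package release is actually bumped to match (or is set by the build service). The entry would also be easier to audit if it named the file being patched, ssl/s3_clnt.c, alongside BMC#5668 and CVE-2010-2939.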
new:
----
openssl-0.9.8m-CVE-2010-2939.patch
spec files:
-----------
--- openssl.spec
+++ openssl.spec
@@ -76,6 +76,8 @@
#openssl_patchset_19374.diff
Patch63: openssl-0.9.8m-CVE-2010-0433.patch
+Patch64: openssl-0.9.8m-CVE-2010-2939.patch
+
License: OpenSSL
Group: System Environment/Libraries
URL: http://www.openssl.org/source/
@@ -152,6 +154,7 @@
%patch62 -p0 -b .cve-2008-1671
%patch63 -p1 -b .CVE-2010-0433
+%patch64 -p0 -b .CVE-2010-2939
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
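Review bot: the strip level on the new "%patch64 -p0 -b .CVE-2010-2939" line differs from the "%patch63 -p1" line directly above it. -p0 does match the ./ssl/s3_clnt.c paths used inside openssl-0.9.8m-CVE-2010-2939.patch, so the patch should apply, but the spec now alternates between -p0 and -p1 for adjacent CVE patches. Either regenerate the patch with a leading directory component so it can use -p1, or add a one-line comment stating that this patch is rooted at the source top level.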
other changes:
--------------
++++++ openssl-0.9.8m-CVE-2010-2939.patch (new)
--- openssl-0.9.8m-CVE-2010-2939.patch
+++ openssl-0.9.8m-CVE-2010-2939.patch
+--- ./ssl/s3_clnt.c.orig 2010-01-27 03:40:36.000000000 +0800
++++ ./ssl/s3_clnt.c 2010-09-02 17:05:50.000000000 +0800
+@@ -1377,6 +1377,7 @@ int ssl3_get_key_exchange(SSL *s)
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
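Review bot: the added "bn_ctx = NULL;" after BN_CTX_free(bn_ctx) in ssl3_get_key_exchange is not explained anywhere in the patch file. The file has no header naming the CVE or an upstream reference, and the later free of bn_ctx that this assignment guards against lies outside the hunk's context. Add a short description at the top of openssl-0.9.8m-CVE-2010-2939.patch that states which later BN_CTX_free(bn_ctx) call is being neutralised. Also confirm that every path that can still free bn_ctx after this block does so through a call that tolerates NULL. The assignment itself matches the existing "srvr_ecpoint = NULL;" pattern two lines below.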