]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: e36aff4) | patch
Security Advisory - openssl - CVE-2013-6450
authorYue Tao <Yue.Tao@windriver.com>
Tue, 8 Apr 2014 18:37:38 +0000 (19:37 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 9 Apr 2014 07:59:00 +0000 (08:59 +0100)
commit80263dc0b6c02c21949e81564ac1e5c6f198d9ac
treed1763baeccb4e52933732219480261a8dcfbc84atree | snapshot
parente36aff4b0ed5f70deb4862dc893eef9ceaa93003commit | diff
Security Advisory - openssl - CVE-2013-6450

The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.

(From OE-Core master rev: 94352e694cd828aa84abd846149712535f48ab0f)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb diff | blob | history
Mirror of the official openembedded-core repository