]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: c50da4a) | patch
openssl: fix CVE-2014-0198
authorMaxin B. John <maxin.john@enea.com>
Fri, 9 May 2014 21:20:01 +0000 (14:20 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 12 May 2014 16:06:22 +0000 (17:06 +0100)
commitffe6bdcb896dc39750144944be1f635baf33f6a0
treec79366cee5d9c7ef0e5ea2b80863b8462a977eb8tree | snapshot
parentc50da4a2c1128f599b2c66d06b7d2ea80215f9d0commit | diff
openssl: fix CVE-2014-0198

A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.

https://access.redhat.com/security/cve/CVE-2014-0198

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb diff | blob | history
Mirror of the official openembedded-core repository