openSUSE Build Service

File _patchinfo of Package patchinfo

<patchinfo incident="233">
  <packager>wrosenauer</packager>
  <issue tracker="cve" id="CVE-2013-6450"></issue>
  <issue tracker="bnc" id="857203">VUL-0: CVE-2013-6450: openssl: crash in DTLS renegotiation after packet loss</issue>
  <issue tracker="cve" id="CVE-2011-0014">ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message </issue>
  <issue tracker="cve" id="CVE-2012-4929"></issue>
  <issue tracker="cve" id="CVE-2013-6449"></issue>
  <issue tracker="bnc" id="670526">VUL-0: openssl: OCSP stapling vulnerability</issue>
  <issue tracker="bnc" id="720601">segmentation fault in svn</issue>
  <issue tracker="bnc" id="784994">VIA padlock support on 64 systems accidentally removed.</issue>
  <issue tracker="bnc" id="793420">VUL-1: CVE-2012-4929: apache2: CRIME attack</issue>
  <issue tracker="bnc" id="802184">VUL-0: CVE-2013-0169: Lucky Thirteen 13 Tracker Bug</issue>
  <issue tracker="bnc" id="803004">openSSL 1.0.1d breaks most, if not all, SSL connections</issue>
  <issue tracker="bnc" id="849377">segfault in libssl.so.1.0.0 after security upgrade of openssl/libopenssl</issue>
  <issue tracker="bnc" id="856687">VUL-0: CVE-2013-6449: openssl: crash when using TLS 1.2</issue>
  <issue tracker="cve" id="CVE-2013-4353"></issue>
  <issue tracker="cve" id="CVE-2014-0076"></issue>
  <issue tracker="cve" id="CVE-2014-0160"></issue>
  <issue tracker="bnc" id="774710">armv5 openssl compiled with -march=armv7-a</issue>
  <issue tracker="bnc" id="822642">VPN-openconnect problem -  DTLS handshake failed</issue>
  <issue tracker="bnc" id="832833">openssl ssl_set_cert_masks() is broken, backport needed</issue>
  <issue tracker="bnc" id="857640">VUL-0: CVE-2013-4353: openssl: TLS record tampering issue can lead to OpenSSL crash</issue>
  <issue tracker="bnc" id="861384">update to openssl-1.0.1e-11.14.1 broke WebRTC functionality in FreeSWITCH</issue>
  <issue tracker="bnc" id="869945">VUL-0: CVE-2014-0076: openssl: Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack</issue>
  <issue tracker="bnc" id="872299">VUL-0: CVE-2014-0160: openssl: "HeartBleed": missing bounds checks for heartbeat messages</issue>
  <issue tracker="cve" id="CVE-2010-5298"></issue>
  <issue tracker="cve" id="CVE-2014-0195"></issue>
  <issue tracker="cve" id="CVE-2014-0198"></issue>
  <issue tracker="cve" id="CVE-2014-0221"></issue>
  <issue tracker="cve" id="CVE-2014-0224"></issue>
  <issue tracker="cve" id="CVE-2014-3470"></issue>
  <issue tracker="bnc" id="873351">VUL-1: CVE-2010-5298: openssl: Use-after-free race condition,in OpenSSLs read buffer</issue>
  <issue tracker="bnc" id="876282">VUL-0: CVE-2014-0198 openssl:  OpenSSL NULL pointer dereference in do_ssl3_write</issue>
  <issue tracker="bnc" id="880891">VUL-0: EMBARGOED: OpenSSL: headsup OpenSSL release June 5th</issue>
  <issue tracker="cve" id="CVE-2014-3505"></issue>
  <issue tracker="cve" id="CVE-2014-3506"></issue>
  <issue tracker="cve" id="CVE-2014-3507"></issue>
  <issue tracker="cve" id="CVE-2014-3508"></issue>
  <issue tracker="cve" id="CVE-2014-3509"></issue>
  <issue tracker="cve" id="CVE-2014-3510"></issue>
  <issue tracker="cve" id="CVE-2014-3511"></issue>
  <issue tracker="cve" id="CVE-2014-3512"></issue>
  <issue tracker="cve" id="CVE-2014-3513"></issue>
  <issue tracker="cve" id="CVE-2014-3566"></issue>
  <issue tracker="cve" id="CVE-2014-3567"></issue>
  <issue tracker="cve" id="CVE-2014-3568"></issue>
  <issue tracker="cve" id="CVE-2014-5139"></issue>
  <issue tracker="bnc" id="901223">VUL-0: CVE-2014-3566: openssl: SSLv3 POODLE attack</issue>
  <issue tracker="bnc" id="901277">VUL-0: CVE-2014-3513, CVE-2014-3567: openssl: DTLS mem leak and session ticket mem leak</issue>
  <issue tracker="cve" id="2011-0014"></issue>
  <issue tracker="cve" id="2012-4929"></issue>
  <issue tracker="cve" id="2013-4353"></issue>
  <issue tracker="cve" id="2013-6449"></issue>
  <issue tracker="cve" id="2014-0160"></issue>
  <issue tracker="cve" id="2014-0198"></issue>
  <issue tracker="cve" id="2014-3505"></issue>
  <issue tracker="cve" id="2014-3506"></issue>
  <issue tracker="cve" id="2014-3507"></issue>
  <issue tracker="cve" id="2014-3508"></issue>
  <issue tracker="cve" id="2014-3509"></issue>
  <issue tracker="cve" id="2014-3510"></issue>
  <issue tracker="cve" id="2014-3511"></issue>
  <issue tracker="cve" id="2014-3512"></issue>
  <issue tracker="cve" id="2014-3513"></issue>
  <issue tracker="cve" id="2014-3566"></issue>
  <issue tracker="cve" id="2014-3567"></issue>
  <issue tracker="cve" id="2014-3568"></issue>
  <issue tracker="cve" id="2014-5139"></issue>
  <issue tracker="cve" id="2014-3569"></issue>
  <issue tracker="cve" id="2014-3570"></issue>
  <issue tracker="cve" id="2014-3571"></issue>
  <issue tracker="cve" id="2014-3572"></issue>
  <issue tracker="cve" id="2014-8275"></issue>
  <issue tracker="cve" id="2015-0204"></issue>
  <issue tracker="cve" id="2015-0205"></issue>
  <issue tracker="cve" id="2015-0206"></issue>
  <issue tracker="cve" id="2015-0209"></issue>
  <issue tracker="cve" id="2015-0286"></issue>
  <issue tracker="cve" id="2015-0287"></issue>
  <issue tracker="cve" id="2015-0288"></issue>
  <issue tracker="cve" id="2015-0289"></issue>
  <issue tracker="cve" id="2015-0293"></issue>
  <issue tracker="bnc" id="911399">VUL-0: CVE-2014-3569: openssl: remote denial of service when built with no-ssl3</issue>
  <issue tracker="bnc" id="912014">VUL-0: CVE-2015-0204: openssl: Only allow ephemeral RSA keys in export ciphersuites.</issue>
  <issue tracker="bnc" id="912015">VUL-0: CVE-2014-3572: openssl: ECDH downgrade bug fix</issue>
  <issue tracker="bnc" id="912018">VUL-0: CVE-2014-8275: openssl: Fix various certificate fingerprint issues</issue>
  <issue tracker="bnc" id="912292">VUL-0: CVE-2015-0206: openssl: memory leak can occur in dtls1_buffer_record</issue>
  <issue tracker="bnc" id="912293">VUL-0: CVE-2015-0205: openssl: Unauthenticated DH client certificate fix.</issue>
  <issue tracker="bnc" id="912294">VUL-0: CVE-2014-3571: openssl: Fix crash in dtls1_get_record</issue>
  <issue tracker="bnc" id="912296">VUL-0: CVE-2014-3570: openssl: Bignum squaring may produce incorrect results</issue>
  <issue tracker="bnc" id="919648">VUL-1: CVE-2015-0209: openssl: Fix a failure to NULL a pointer freed on error.</issue>
  <issue tracker="bnc" id="920236">VUL-1: CVE-2015-0288: openssl: x509: added missing  public key is not NULL check</issue>
  <issue tracker="bnc" id="922488">VUL-1:  CVE-2015-0293: openssl: Fix reachable assert in SSLv2 servers.</issue>
  <issue tracker="bnc" id="922496">VUL-1: CVE-2015-0286: openssl: Segmentation fault in ASN1_TYPE_cmp</issue>
  <issue tracker="bnc" id="922499">VUL-1: CVE-2015-0287: openssl: ASN.1 structure reuse memory corruption</issue>
  <issue tracker="bnc" id="922500">VUL-1: CVE-2015-0289: openssl: PKCS7 NULL pointer dereferences</issue>
  <issue tracker="fate" id="314991"></issue>
  <category>optional</category>
  <rating>moderate</rating>
  <summary>openssl update to version 1.0.1k</summary>
  <description>
This update lifts the openssl library to version 1.0.1k which
contains new features such as protocol support for TLSv1.1
and TLSv1.2 and more improvements.

The patch also contains a rebuild of openssh to reflect the version change dependency (actually a bug in openssh to consider the version).
</description>
</patchinfo>
Places

File _patchinfo of Package patchinfo

Places
