Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="351">
  <packager>draht</packager>
  <issue tracker="cve" id="2015-0209"></issue>
  <issue tracker="cve" id="2015-0286"></issue>
  <issue tracker="cve" id="2015-0287"></issue>
  <issue tracker="cve" id="2015-0288"></issue>
  <issue tracker="cve" id="2015-0289"></issue>
  <issue tracker="cve" id="2015-0293"></issue>
  <issue tracker="cve" id="2015-1788"></issue>
  <issue tracker="cve" id="2015-1789"></issue>
  <issue tracker="cve" id="2015-1790"></issue>
  <issue tracker="cve" id="2015-1791"></issue>
  <issue tracker="cve" id="2015-1792"></issue>
  <issue tracker="cve" id="2015-1793"></issue>
  <issue tracker="cve" id="2015-4000"></issue>
  <category>optional</category>
  <rating>important</rating>
  <summary>openssl update (including postfix rebuild)</summary>
  <description>
Update to 1.0.1p:
- CVE-2015-1793: fix for CA flag certificate chain validatin logic
  error, also known as "OprahSSL".
 * CVE-2015-4000 aka Logjam: TLS MITM DH keylength downgrade
 * CVE-2015-1788 Malformed ECParameters causes infinite loop
 * CVE-2015-1789 OOB read in X509_cmp_time via ASN1_TIME string
 * CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
 * CVE-2015-1792 CMS verify infinite loop with unknown hash function
 * CVE-2015-1791 Race condition handling NewSessionTicket (low profile vuln.)
- re-diff'd:
  openssl-ocloexec.patch
  VIA_padlock_support_on_64systems.patch
  compression_methods_switch.patch
  0005-libssl-Hide-library-private-symbols.patch
- openssl-1.0.1c-default-paths.patch replaced by re-diff'd
  openssl-1.0.1n-default-paths.patch
- obsoleted: openssl-CVE-2015-0209.patch (NULL pointer checks
  were upstreamed differently in upstream versions after Feb 2015)
- obsoleted by identical upstream fixes:
  openssl-CVE-2015-0286.patch
  openssl-CVE-2015-0287.patch
  openssl-CVE-2015-0288.patch
  openssl-CVE-2015-0289.patch
  openssl-CVE-2015-0293.patch</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places