Revision 1.3.2.5, Sun Jun 15 12:55:05 2014 UTC (9 years, 10 months ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.3.2.4: +2 -2 lines

Pullup ticket #4432 - requested by obache
emulators/suse131_openssl: security update

Revisions pulled up:
- emulators/suse131_openssl/Makefile                            1.9
- emulators/suse131_openssl/distinfo                            1.9

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Fri Jun  6 09:53:29 UTC 2014

   Modified Files:
   	pkgsrc/emulators/suse131_openssl: Makefile distinfo

   Log Message:
   Apply openSUSE-SU-2014:0764-1
   openSUSE Security Update: openssl: update to version 1.0.1h

   Description:

      The openssl library was updated to version 1.0.1h fixing various security
      issues and bugs:

      Security issues fixed:
      - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
        crafted handshake can force the use of weak keying material in OpenSSL
        SSL/TLS clients and servers.
      - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
        handshake to an OpenSSL DTLS client the code can be made to recurse
        eventually crashing in a DoS attack.
      - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
        overrun attack can be triggered by sending invalid DTLS fragments to an
         OpenSSL DTLS client or server. This is potentially exploitable to run
         arbitrary code on a vulnerable client or server.
      - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
        ciphersuites are subject to a denial of service attack.

   Bump PKGREVISION.