[Pkg-openssl-changes] r422 - in openssl/trunk/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Tue Aug 11 19:19:58 UTC 2009
Author: kroeckx
Date: 2009-08-11 19:19:58 +0000 (Tue, 11 Aug 2009)
New Revision: 422
Added:
openssl/trunk/debian/patches/CVE-2009-2409.patch
Modified:
openssl/trunk/debian/changelog
openssl/trunk/debian/patches/series
Log:
Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2009-07-19 20:51:01 UTC (rev 421)
+++ openssl/trunk/debian/changelog 2009-08-11 19:19:58 UTC (rev 422)
@@ -2,8 +2,9 @@
* Split all the patches into a separate files
* Stop undefinging HZ, the issue on alpha should be fixed.
+ * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
- -- kurt <kurt at pc18.roeckx.be> Sun, 19 Jul 2009 11:41:00 +0200
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 11 Aug 2009 21:19:18 +0200
openssl (0.9.8k-3) unstable; urgency=low
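Review bot: The added changelog line speaks of a single "digest algorithm table", but the patch added in this same revision removes the MD2 registration in two places, crypto/evp/c_alld.c and ssl/ssl_algs.c. Wording such as "Stop registering MD2 in OpenSSL_add_all_digests() and the SSL algorithm list" would tell users which lookups change. While this entry is open, the context line above it has a typo ("undefinging" for "undefining") that could be corrected in the same upload.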
Added: openssl/trunk/debian/patches/CVE-2009-2409.patch
===================================================================
--- openssl/trunk/debian/patches/CVE-2009-2409.patch (rev 0)
+++ openssl/trunk/debian/patches/CVE-2009-2409.patch 2009-08-11 19:19:58 UTC (rev 422)
@@ -0,0 +1,33 @@
+This is http://cvs.openssl.org/chngview?cn=18381
+Fixes CVE-2009-2409
+
+Index: openssl/crypto/evp/c_alld.c
+RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
+rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
+--- c_alld.c 2005/04/30 21:51:40 1.7
++++ c_alld.c 2009/07/08 08:33:26 1.7.2.1
+@@ -64,9 +64,6 @@
+
+ void OpenSSL_add_all_digests(void)
+ {
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD4
+ EVP_add_digest(EVP_md4());
+ #endif
+Index: openssl/ssl/ssl_algs.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
+rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
+--- ssl_algs.c 2007/04/23 23:50:21 1.12.2.3
++++ ssl_algs.c 2009/07/08 08:33:27 1.12.2.4
+@@ -92,9 +92,6 @@
+ EVP_add_cipher(EVP_seed_cbc());
+ #endif
+
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
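Review bot: The patch header gives only the upstream changeset URL and the CVE number, with no sentence on what behaviour changes. Both inner hunks remove only the `EVP_add_digest(EVP_md2());` call inside `#ifndef OPENSSL_NO_MD2`; nothing visible here removes or disables `EVP_md2()` itself, so the header should state that MD2 is unregistered from the digest tables rather than dropped from the library, and that by-name lookups of MD2 after `OpenSSL_add_all_digests()` will no longer succeed. A short description line ahead of "Index:" would also help anyone who later refreshes this patch against a new upstream version to confirm that both registration sites are still covered.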
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2009-07-19 20:51:01 UTC (rev 421)
+++ openssl/trunk/debian/patches/series 2009-08-11 19:19:58 UTC (rev 422)
@@ -23,3 +23,5 @@
CVE-2009-1378.patch
CVE-2009-1379.patch
CVE-2009-1387.patch
+CVE-2009-2409.patch
+
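Review bot: The last added line of this hunk is an empty line after `CVE-2009-2409.patch`, so the series file now ends with a blank line. It is harmless to the patch tooling but is unrelated whitespace; suggest dropping the trailing `+` line so the hunk adds only the new patch name.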