[Pkg-openssl-changes] r318 - in openssl/trunk: debian ssl

chrism at alioth.debian.org chrism at alioth.debian.org
Tue Jun 10 10:07:10 UTC 2008


Author: chrism
Date: 2008-06-10 10:07:10 +0000 (Tue, 10 Jun 2008)
New Revision: 318

Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/ssl/t1_lib.c
Log:
include fixes from 10.1 NMB by Security team
- Fix double free in TLS server name extension which leads to a remote
denial of service (CVE-2008-0891; Closes: #483379).

Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2008-06-04 12:46:01 UTC (rev 317)
+++ openssl/trunk/debian/changelog	2008-06-10 10:07:10 UTC (rev 318)
@@ -6,8 +6,11 @@
   * add Vcs-Svn header (closes: #481654)
   * fix debian-kfreebsd-i386 build flags (closes: #482275)
   * add stunnel4 to restart list (closes: #482111)
+  * include fixes from 10.1 NMB by Security team
+    - Fix double free in TLS server name extension which leads to a remote
+      denial of service (CVE-2008-0891; Closes: #483379).
 
- -- Christoph Martin <christoph.martin at uni-mainz.de>  Wed,  4 Jun 2008 14:45:25 +0200
+ -- Christoph Martin <christoph.martin at uni-mainz.de>  Tue, 10 Jun 2008 12:06:37 +0200
 
 openssl (0.9.8g-10) unstable; urgency=low
 

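Review bot: In the added changelog entry, "10.1 NMB" is ambiguous: it abbreviates the version of the upload being merged, and "NMB" is presumably a typo for NMU (non-maintainer upload). Writing out the full version string of that upload would make the entry unambiguous and searchable. The hunk also does not show the urgency field of the stanza being amended; since the stanza now carries a fix for a remote denial of service (CVE-2008-0891), check that it is not left at urgency=low like the 0.9.8g-10 stanza below it.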
Modified: openssl/trunk/ssl/t1_lib.c
===================================================================
--- openssl/trunk/ssl/t1_lib.c	2008-06-04 12:46:01 UTC (rev 317)
+++ openssl/trunk/ssl/t1_lib.c	2008-06-10 10:07:10 UTC (rev 318)
@@ -332,6 +332,7 @@
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
 							OPENSSL_free(s->session->tlsext_hostname);
+							s->session->tlsext_hostname = NULL;
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 						}
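Review bot: The added line `s->session->tlsext_hostname = NULL;` after OPENSSL_free() on the `strlen(...) != len` rejection path has no comment saying why the reset is needed. The session object still holds this pointer after `return 0`, so a short comment stating that any later release of the session would otherwise free the hostname a second time would keep the line from being removed as redundant in a future cleanup. Only this one error path is visible in the hunk; any other place in t1_lib.c that frees a session field and then returns early should be checked for the same stale pointer.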



