[Pkg-openssl-changes] r397 - in openssl/branches/lenny: debian ssl
Kurt Roeckx
kroeckx at alioth.debian.org
Mon Jun 1 12:57:40 UTC 2009
Author: kroeckx
Date: 2009-06-01 12:57:40 +0000 (Mon, 01 Jun 2009)
New Revision: 397
Modified:
openssl/branches/lenny/debian/changelog
openssl/branches/lenny/ssl/d1_both.c
Log:
Fix "DTLS use after free" (CVE-2009-1379)
Modified: openssl/branches/lenny/debian/changelog
===================================================================
--- openssl/branches/lenny/debian/changelog 2009-06-01 12:56:16 UTC (rev 396)
+++ openssl/branches/lenny/debian/changelog 2009-06-01 12:57:40 UTC (rev 397)
@@ -2,8 +2,9 @@
* Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
* Fix "DTLS fragment handling" (CVE-2009-1378)
+ * Fix "DTLS use after free" (CVE-2009-1379)
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 01 Jun 2009 14:39:43 +0200
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 01 Jun 2009 14:56:56 +0200
openssl (0.9.8g-15+lenny1) stable-security; urgency=low
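Review bot: the added entry `* Fix "DTLS use after free" (CVE-2009-1379)` gives only the CVE id and does not say where the fix lives. Naming the touched file, ssl/d1_both.c, in the entry would let someone auditing the upload map the CVE to the code change without opening the revision.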
Modified: openssl/branches/lenny/ssl/d1_both.c
===================================================================
--- openssl/branches/lenny/ssl/d1_both.c 2009-06-01 12:56:16 UTC (rev 396)
+++ openssl/branches/lenny/ssl/d1_both.c 2009-06-01 12:57:40 UTC (rev 397)
@@ -530,13 +530,14 @@
frag->fragment,frag->msg_header.frag_len);
}
+ unsigned long frag_len = frag->msg_header.frag_len;
dtls1_hm_fragment_free(frag);
pitem_free(item);
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);
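Review bot: the new `unsigned long frag_len = frag->msg_header.frag_len;` is declared after the closing brace of the preceding statement, so it is a declaration in the middle of a block, which strict C89 compilers reject. Declare `unsigned long frag_len;` with the other locals at the top of the enclosing block and keep only the assignment here, ahead of `dtls1_hm_fragment_free(frag);`. The ordering itself is right: the length is copied before the free and the copy is returned, which removes the read of freed memory in the old `return frag->msg_header.frag_len;`.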