[Pkg-openssl-changes] r402 - in openssl/branches/etch: debian ssl
Kurt Roeckx
kroeckx at alioth.debian.org
Mon Jun 1 13:36:17 UTC 2009
Author: kroeckx
Date: 2009-06-01 13:36:17 +0000 (Mon, 01 Jun 2009)
New Revision: 402
Modified:
openssl/branches/etch/debian/changelog
openssl/branches/etch/ssl/d1_both.c
Log:
Fix "DTLS use after free" (CVE-2009-1379)
Modified: openssl/branches/etch/debian/changelog
===================================================================
--- openssl/branches/etch/debian/changelog 2009-06-01 13:35:55 UTC (rev 401)
+++ openssl/branches/etch/debian/changelog 2009-06-01 13:36:17 UTC (rev 402)
@@ -2,8 +2,9 @@
* Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
* Fix "DTLS fragment handling" (CVE-2009-1378)
+ * Fix "DTLS use after free" (CVE-2009-1379)
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 01 Jun 2009 15:35:41 +0200
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 01 Jun 2009 15:36:07 +0200
openssl (0.9.8c-4etch5) oldstable-security; urgency=low
Modified: openssl/branches/etch/ssl/d1_both.c
===================================================================
--- openssl/branches/etch/ssl/d1_both.c 2009-06-01 13:35:55 UTC (rev 401)
+++ openssl/branches/etch/ssl/d1_both.c 2009-06-01 13:36:17 UTC (rev 402)
@@ -530,13 +530,14 @@
frag->fragment,frag->msg_header.frag_len);
}
+ unsigned long frag_len = frag->msg_header.frag_len;
dtls1_hm_fragment_free(frag);
pitem_free(item);
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);
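Review bot: the added declaration "unsigned long frag_len = frag->msg_header.frag_len;" comes directly after the "}" that closes the preceding block, so it is a declaration after statements, which pre-C99 compilers reject. Declare frag_len at the top of the enclosing block and keep only the assignment here, immediately before dtls1_hm_fragment_free(frag). A short comment saying that the length has to be copied out before frag is freed would also stop a later cleanup from folding the read back into the return statement.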