[Pkg-openssl-changes] r587 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Mon Feb 11 19:06:36 UTC 2013
Author: kroeckx
Date: 2013-02-11 19:06:36 +0000 (Mon, 11 Feb 2013)
New Revision: 587
Added:
openssl/branches/squeeze/debian/patches/CVE-2012-2131.patch
openssl/branches/squeeze/debian/patches/CVE-2012-2333.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
Old security uploads by security team.
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2013-02-11 18:45:29 UTC (rev 586)
+++ openssl/branches/squeeze/debian/changelog 2013-02-11 19:06:36 UTC (rev 587)
@@ -1,3 +1,17 @@
+openssl (0.9.8o-4squeeze13) squeeze-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2012-2333: DoS via explicit IV in DTLS
+
+ -- Raphael Geissert <geissert at debian.org> Wed, 16 May 2012 16:39:28 -0500
+
+openssl (0.9.8o-4squeeze12) squeeze-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2012-2131: incomplete fix of CVE-2012-2110
+
+ -- Raphael Geissert <geissert at debian.org> Tue, 24 Apr 2012 16:41:03 -0500
+
openssl (0.9.8o-4squeeze11) squeeze-security; urgency=low
* Really apply CVE-2012-2110
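Review bot: the 0.9.8o-4squeeze12 entry describes the change only as "incomplete fix of CVE-2012-2110", and since the patch files added in this commit carry no description of their own, the changelog is the only place that records what was actually changed; consider stating that the CVE-2012-2131 fix adds a negative-length check to BUF_MEM_grow() and BUF_MEM_grow_clean(), and that the CVE-2012-2333 fix tightens the padding-length bound in dtls1_enc().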
Added: openssl/branches/squeeze/debian/patches/CVE-2012-2131.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-2131.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-2131.patch 2013-02-11 19:06:36 UTC (rev 587)
@@ -0,0 +1,28 @@
+Index: openssl-0.9.8o/crypto/buffer/buffer.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/buffer/buffer.c
++++ openssl-0.9.8o/crypto/buffer/buffer.c
+@@ -99,6 +99,11 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
+ char *ret;
+ unsigned int n;
+
++ if (len < 0)
++ {
++ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+ if (str->length >= len)
+ {
+ str->length=len;
+@@ -141,6 +146,11 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int
+ char *ret;
+ unsigned int n;
+
++ if (len < 0)
++ {
++ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+ if (str->length >= len)
+ {
+ memset(&str->data[len],0,str->length-len);
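Review bot: the new `if (len < 0)` guard sits before `if (str->length >= len)`, and that ordering is what matters: it keeps a negative `len` out of the `str->length=len` assignment and, in BUF_MEM_grow_clean(), out of `memset(&str->data[len],0,str->length-len)`, where a negative index would address memory before the buffer (and, with `n` declared `unsigned int`, a negative `len` would presumably become a very large size further down). Keep the check in that position if the patch is ever refreshed. Two smaller points: reporting an argument-validation failure as ERR_R_MALLOC_FAILURE is misleading to callers inspecting the error queue, so if this mirrors the upstream fix a comment saying so would explain the choice; and the patch has no DEP-3 header (Origin/Bug/Description), so its provenance cannot be traced from the file itself.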
Added: openssl/branches/squeeze/debian/patches/CVE-2012-2333.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-2333.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-2333.patch 2013-02-11 19:06:36 UTC (rev 587)
@@ -0,0 +1,13 @@
+Index: openssl-0.9.8o/ssl/d1_enc.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/d1_enc.c
++++ openssl-0.9.8o/ssl/d1_enc.c
+@@ -257,7 +257,7 @@ int dtls1_enc(SSL *s, int send)
+ }
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
++ if (i + bs > (int)rec->length)
+ {
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
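Review bot: the comment immediately above the changed condition still says only that TLS 1.0 does not bound the padding by the block size, which no longer explains why `bs` is added to `i`; a reader will take `+ bs` for an off-by-one fix. Update the comment to say that the bound must also leave room for the explicit-IV block that is still counted in `rec->length` at this point (the changelog describes the issue as "DoS via explicit IV in DTLS"), so that the check reads as intended without consulting the CVE.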
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2013-02-11 18:45:29 UTC (rev 586)
+++ openssl/branches/squeeze/debian/patches/series 2013-02-11 19:06:36 UTC (rev 587)
@@ -36,3 +36,5 @@
CVE-2012-0884.patch
CVE-2012-1165.patch
CVE-2012-2110.patch
+CVE-2012-2131.patch
+CVE-2012-2333.patch