[Pkg-openssl-changes] r642 - in openssl/branches/wheezy/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Mon Jan 6 17:19:41 UTC 2014 

Author: kroeckx
Date: 2014-01-06 17:19:41 +0000 (Mon, 06 Jan 2014)
New Revision: 642

Modified:
   openssl/branches/wheezy/debian/changelog
   openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch
Log:
Fix CVE-2013-6450 patch.


Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog	2013-12-23 18:42:51 UTC (rev 641)
+++ openssl/branches/wheezy/debian/changelog	2014-01-06 17:19:41 UTC (rev 642)
@@ -1,3 +1,10 @@
+openssl (1.0.1e-2+deb7u2) stable-security; urgency=medium
+
+  * The patch we applied for CVE-2013-6450 was missing a commit causing
+    crashes.
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 06 Jan 2014 18:17:13 +0100
+
 openssl (1.0.1e-2+deb7u1) stable-security; urgency=medium
 
   * Fix CVE-2013-6449 (Closes: #732754)

Modified: openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch	2013-12-23 18:42:51 UTC (rev 641)
+++ openssl/branches/wheezy/debian/patches/CVE-2013-6450.patch	2014-01-06 17:19:41 UTC (rev 642)
@@ -1,7 +1,7 @@
 From: "Dr. Stephen Henson" <steve at openssl.org>
 Date: Fri, 20 Dec 2013 15:26:50 +0000
 Subject: [PATCH] Fix DTLS retransmission from previous session.
-Origin: upstream, commit:34628967f1e65dc8f34e000f0f5518e21afbfc7b
+Origin: upstream, commit:34628967f1e65dc8f34e000f0f5518e21afbfc7b, commit:a6c62f0c25a756c263a80ce52afbae888028e986
 
 For DTLS we might need to retransmit messages from the previous session
 so keep a copy of write context in DTLS retransmission buffers instead
@@ -74,3 +74,21 @@
  #ifndef OPENSSL_NO_COMP
  		if (s->compress != NULL)
  			{
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index 6fc469f..d14e8e4 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
+ 
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+ 	{
+-	EVP_MD_CTX_cleanup(ctx);
+-	OPENSSL_free(ctx);
++	if (ctx)
++		{
++		EVP_MD_CTX_cleanup(ctx);
++		OPENSSL_free(ctx);
++		}
+ 	}
+ 
+ /* This call frees resources associated with the context */

More information about the Pkg-openssl-changes mailing list