[Pkg-openssl-changes] r916 - in openssl/branches: jessie/debian jessie/debian/patches stretch/debian stretch/debian/patches stretch1.0/debian stretch1.0/debian/patches wheezy/debian wheezy/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Nov 2 11:42:53 UTC 2017
Author: kroeckx
Date: 2017-11-02 11:42:53 +0000 (Thu, 02 Nov 2017)
New Revision: 916
Added:
openssl/branches/jessie/debian/patches/CVE-2017-3735.patch
openssl/branches/stretch/debian/patches/CVE-2017-3735.patch
openssl/branches/stretch1.0/debian/patches/CVE-2017-3735.patch
openssl/branches/wheezy/debian/patches/CVE-2017-3735.patch
Modified:
openssl/branches/jessie/debian/changelog
openssl/branches/jessie/debian/patches/series
openssl/branches/stretch/debian/changelog
openssl/branches/stretch/debian/patches/series
openssl/branches/stretch1.0/debian/changelog
openssl/branches/stretch1.0/debian/patches/series
openssl/branches/wheezy/debian/changelog
openssl/branches/wheezy/debian/patches/series
Log:
Fix CVE-2017-3735
Modified: openssl/branches/jessie/debian/changelog
===================================================================
--- openssl/branches/jessie/debian/changelog 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/jessie/debian/changelog 2017-11-02 11:42:53 UTC (rev 916)
@@ -1,3 +1,9 @@
+openssl (1.0.1t-1+deb8u7) jessie-security; urgency=medium
+
+ * Fix CVE-2017-3735.patch
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:33:54 +0100
+
openssl (1.0.1t-1+deb8u6) jessie-security; urgency=medium
* Fix CVE-2016-8610
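Review bot: the new changelog bullet reads `* Fix CVE-2017-3735.patch`, which names the patch file rather than the CVE. The previous entry in this file uses the bare id (`* Fix CVE-2016-8610`), and the other three changelogs in this revision say `* Fix CVE-2017-3735`, so the `.patch` suffix should be dropped here.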
Added: openssl/branches/jessie/debian/patches/CVE-2017-3735.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2017-3735.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2017-3735.patch 2017-11-02 11:42:53 UTC (rev 916)
@@ -0,0 +1,39 @@
+From 068b963bb7afc57f5bdd723de0dd15e7795d5822 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz at openssl.org>
+Date: Tue, 22 Aug 2017 11:44:41 -0400
+Subject: [PATCH] Avoid out-of-bounds read
+
+Fixes CVE 2017-3735
+
+Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
+(Merged from https://github.com/openssl/openssl/pull/4276)
+
+(cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd)
+---
+ crypto/x509v3/v3_addr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
+index ef1d775ac9..c5183a1790 100644
+--- a/crypto/x509v3/v3_addr.c
++++ b/crypto/x509v3/v3_addr.c
+@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
+ */
+ unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+ {
+- return ((f != NULL &&
+- f->addressFamily != NULL && f->addressFamily->data != NULL)
+- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+- : 0);
++ if (f == NULL
++ || f->addressFamily == NULL
++ || f->addressFamily->data == NULL
++ || f->addressFamily->length < 2)
++ return 0;
++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+
+ /*
+--
+2.14.2
+
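Review bot: this patch file carries commit 068b963bb7afc57f5bdd723de0dd15e7795d5822 unchanged, including the `index ef1d775ac9..c5183a1790` line and the `X509v3_addr_get_afi` context, while the changelog shows this branch packages 1.0.1t. Please confirm the hunk applies to that version's crypto/x509v3/v3_addr.c without fuzz (function name and the `@@ -84,10 +84,12 @@` position), and refresh the patch against this branch's tree if it does not.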
Modified: openssl/branches/jessie/debian/patches/series
===================================================================
--- openssl/branches/jessie/debian/patches/series 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/jessie/debian/patches/series 2017-11-02 11:42:53 UTC (rev 916)
@@ -35,3 +35,4 @@
CVE-2016-8610.patch
CVE-2017-3731.patch
CVE-2016-7056.patch
+CVE-2017-3735.patch
Modified: openssl/branches/stretch/debian/changelog
===================================================================
--- openssl/branches/stretch/debian/changelog 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/stretch/debian/changelog 2017-11-02 11:42:53 UTC (rev 916)
@@ -1,3 +1,9 @@
+openssl (1.1.0f-3+deb9u1) unstable; urgency=medium
+
+ * Fix CVE-2017-3735
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:29:36 +0100
+
openssl (1.1.0f-3) unstable; urgency=medium
* Don't cleanup a thread-local key we didn't create it (Closes: #863707)
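Review bot: the distribution field of the new entry is `unstable`, but the version `1.1.0f-3+deb9u1` is a stable-update style version, and the jessie and wheezy entries in this same revision target `jessie-security` and `wheezy-security`. If this is intended as a stretch security upload, the header line should name `stretch-security` instead.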
Added: openssl/branches/stretch/debian/patches/CVE-2017-3735.patch
===================================================================
--- openssl/branches/stretch/debian/patches/CVE-2017-3735.patch (rev 0)
+++ openssl/branches/stretch/debian/patches/CVE-2017-3735.patch 2017-11-02 11:42:53 UTC (rev 916)
@@ -0,0 +1,39 @@
+From 068b963bb7afc57f5bdd723de0dd15e7795d5822 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz at openssl.org>
+Date: Tue, 22 Aug 2017 11:44:41 -0400
+Subject: [PATCH] Avoid out-of-bounds read
+
+Fixes CVE 2017-3735
+
+Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
+(Merged from https://github.com/openssl/openssl/pull/4276)
+
+(cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd)
+---
+ crypto/x509v3/v3_addr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
+index ef1d775ac9..c5183a1790 100644
+--- a/crypto/x509v3/v3_addr.c
++++ b/crypto/x509v3/v3_addr.c
+@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
+ */
+ unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+ {
+- return ((f != NULL &&
+- f->addressFamily != NULL && f->addressFamily->data != NULL)
+- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+- : 0);
++ if (f == NULL
++ || f->addressFamily == NULL
++ || f->addressFamily->data == NULL
++ || f->addressFamily->length < 2)
++ return 0;
++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+
+ /*
+--
+2.14.2
+
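Review bot: with the added `f->addressFamily->length < 2` test, a truncated addressFamily now returns 0, the same value returned when `f` or `f->addressFamily` is NULL, so a caller cannot tell a malformed extension from an absent one. That is acceptable for stopping the two-byte read, but the comment block above the function (the one ending at the ` */` context line) should state that 0 means "no usable AFI" so callers do not treat it as a valid family.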
Modified: openssl/branches/stretch/debian/patches/series
===================================================================
--- openssl/branches/stretch/debian/patches/series 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/stretch/debian/patches/series 2017-11-02 11:42:53 UTC (rev 916)
@@ -5,3 +5,4 @@
c_rehash-compat.patch
#padlock_conf.patch
0001-Only-release-thread-local-key-if-we-created-it.patch
+CVE-2017-3735.patch
Modified: openssl/branches/stretch1.0/debian/changelog
===================================================================
--- openssl/branches/stretch1.0/debian/changelog 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/stretch1.0/debian/changelog 2017-11-02 11:42:53 UTC (rev 916)
@@ -1,3 +1,9 @@
+openssl1.0 (1.0.2l-2+deb9u1) unstable; urgency=medium
+
+ * Fix CVE-2017-3735
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:31:37 +0100
+
openssl1.0 (1.0.2l-2) unstable; urgency=medium
* Make the udeb use a versioned depends (Closes: #864081)
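Review bot: the new `openssl1.0 (1.0.2l-2+deb9u1)` entry is marked `unstable`, although the `+deb9u1` suffix indicates an update for stretch and the jessie and wheezy changelogs in this revision use their `-security` suites. Set the distribution to the suite this upload is actually going to before building.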
Added: openssl/branches/stretch1.0/debian/patches/CVE-2017-3735.patch
===================================================================
--- openssl/branches/stretch1.0/debian/patches/CVE-2017-3735.patch (rev 0)
+++ openssl/branches/stretch1.0/debian/patches/CVE-2017-3735.patch 2017-11-02 11:42:53 UTC (rev 916)
@@ -0,0 +1,39 @@
+From 068b963bb7afc57f5bdd723de0dd15e7795d5822 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz at openssl.org>
+Date: Tue, 22 Aug 2017 11:44:41 -0400
+Subject: [PATCH] Avoid out-of-bounds read
+
+Fixes CVE 2017-3735
+
+Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
+(Merged from https://github.com/openssl/openssl/pull/4276)
+
+(cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd)
+---
+ crypto/x509v3/v3_addr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
+index ef1d775ac9..c5183a1790 100644
+--- a/crypto/x509v3/v3_addr.c
++++ b/crypto/x509v3/v3_addr.c
+@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
+ */
+ unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+ {
+- return ((f != NULL &&
+- f->addressFamily != NULL && f->addressFamily->data != NULL)
+- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+- : 0);
++ if (f == NULL
++ || f->addressFamily == NULL
++ || f->addressFamily->data == NULL
++ || f->addressFamily->length < 2)
++ return 0;
++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+
+ /*
+--
+2.14.2
+
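Review bot: the diffstat lists only crypto/x509v3/v3_addr.c (6 insertions, 4 deletions), so nothing in the patch exercises the new `length < 2` branch. A regression case that passes an IPAddressFamily whose addressFamily holds fewer than two bytes and expects a return of 0 would keep the guard from being lost in a later patch refresh.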
Modified: openssl/branches/stretch1.0/debian/patches/series
===================================================================
--- openssl/branches/stretch1.0/debian/patches/series 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/stretch1.0/debian/patches/series 2017-11-02 11:42:53 UTC (rev 916)
@@ -18,3 +18,4 @@
disable_sslv3_test.patch
libdoc-manpgs-pod-spell.patch
Mark-3DES-and-RC4-ciphers-as-weak.patch
+CVE-2017-3735.patch
Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/wheezy/debian/changelog 2017-11-02 11:42:53 UTC (rev 916)
@@ -1,3 +1,9 @@
+openssl (1.0.1t-1+deb7u2) wheezy-security; urgency=medium
+
+ * Fix CVE-2017-3735
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 02 Nov 2017 12:40:57 +0100
+
openssl (1.0.1t-1+deb7u1) wheezy-security; urgency=medium
* New upstream version, based on the version in jessie.
Added: openssl/branches/wheezy/debian/patches/CVE-2017-3735.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2017-3735.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2017-3735.patch 2017-11-02 11:42:53 UTC (rev 916)
@@ -0,0 +1,39 @@
+From 068b963bb7afc57f5bdd723de0dd15e7795d5822 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz at openssl.org>
+Date: Tue, 22 Aug 2017 11:44:41 -0400
+Subject: [PATCH] Avoid out-of-bounds read
+
+Fixes CVE 2017-3735
+
+Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
+(Merged from https://github.com/openssl/openssl/pull/4276)
+
+(cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd)
+---
+ crypto/x509v3/v3_addr.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
+index ef1d775ac9..c5183a1790 100644
+--- a/crypto/x509v3/v3_addr.c
++++ b/crypto/x509v3/v3_addr.c
+@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi)
+ */
+ unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+ {
+- return ((f != NULL &&
+- f->addressFamily != NULL && f->addressFamily->data != NULL)
+- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+- : 0);
++ if (f == NULL
++ || f->addressFamily == NULL
++ || f->addressFamily->data == NULL
++ || f->addressFamily->length < 2)
++ return 0;
++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+
+ /*
+--
+2.14.2
+
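Review bot: the message inside the patch spells the id as `Fixes CVE 2017-3735` (space, no hyphen), so a search of the patch text for `CVE-2017-3735` finds nothing and only the file name matches. When importing, consider adding a short header line with the hyphenated id above the upstream message, leaving the upstream text itself intact.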
Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series 2017-11-02 11:23:40 UTC (rev 915)
+++ openssl/branches/wheezy/debian/patches/series 2017-11-02 11:42:53 UTC (rev 916)
@@ -31,3 +31,4 @@
CVE-2016-6303.patch
CVE-2016-6304.patch
CVE-2016-6306.patch
+CVE-2017-3735.patch