[Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2
Kurt Roeckx
kurt at roeckx.be
Sun Dec 22 18:14:00 UTC 2013
On Sun, Dec 22, 2013 at 12:25:16AM +0100, Kurt Roeckx wrote:
> But I'm also thinking about at least #732710
>
> There are also things like:
> Author: Dr. Stephen Henson <steve at openssl.org>
> Date: Mon Sep 16 05:23:44 2013 +0100
>
> Disable Dual EC DRBG.
>
> Return an error if an attempt is made to enable the Dual EC DRBG: it
> is not used by default.
>
> And there is a whole bunch of other things I want to get fixed but
> which are less important.

And then this just appeared in git too:

commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Dec 20 15:26:50 2013 +0000

Fix DTLS retransmission from previous session.

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.

Kurt