[Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Kurt Roeckx kurt at roeckx.be
Mon Jan 6 17:24:14 UTC 2014


On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > 
> > For security I would like to have the following:
> > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> >   ca989269a2876bae79393bd54c3e72d49975fc75
> > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> 
> So I've put that at:
> http://people.debian.org/~kroeckx/openssl/

So the patch for CVE-2013-6450 was missing a commit.  See:
http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest

I'll upload a 1.0.1e-2+deb7u2 soon.


Kurt



More information about the Pkg-openssl-devel mailing list