Alejandro Mery
e005071123
openssl: Updated (1.0.1h -> 1.0.1i) [SECURITY]
...
https://www.openssl.org/news/secadv_20140806.txt
* CVE-2014-3505
* CVE-2014-3506
* CVE-2014-3507
* CVE-2014-3508
* CVE-2014-3509
* CVE-2014-3510
* CVE-2014-3511
* CVE-2014-3512
* CVE-2014-5139
Signed-off-by: Alejandro Mery <amery@geeks.cl>
10 years ago
Nagy Karoly Gabriel
b890d78497
openssl: Updated (1.0.1g -> 1.0.1h) multiple security issues.
...
http://www.openssl.org/news/secadv_20140605.txt
11 years ago
Christian Wiese
2e20b57df3
openssl: Updated (1.0.1f -> 1.0.1g) SECURITY! CVE-2014-0160
...
This fixes the TLS heartbeat read overrun (CVE-2014-0160) vulnerability.
References:
[1] https://www.openssl.org/news/secadv_20140407.txt
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0160
11 years ago
Christian Wiese
0c3986585b
openssl: Updated (1.0.1e -> 1.0.1f) (SECURITY UPDATE)
...
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issue.
(CVE-2013-4353)
*) Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
11 years ago
Christian Wiese
5915b141e3
openssl: Updated (1.0.1d -> 1.0.1e) (CVE-2013-0169)
...
This bugfix release corrects the fix for CVE-2013-0169 done in openssl 1.0.1d.
12 years ago
Christian Wiese
14ec2ff0f5
openssl: Updated (1.0.1c -> 1.0.1d) (SECURITY UPDATE!)
...
Fixing the following CVEs:
- SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
- TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
- OCSP invalid key DoS issue (CVE-2013-0166)
Reference: http://www.openssl.org/news/secadv_20130205.txt
12 years ago
Christian Wiese
63a44388cd
openssl: changed to also build at stage 3
...
Note:
This is needed to solve the possible circular dependency with kerberos
implementations like MIT kerberos (krb5 package) or Heimdal (heimdal
package).
13 years ago
Christian Wiese
7ab268aca9
openssl: Updated (1.0.1b -> 1.0.1c) (CVE-2012-2333)
...
http://openssl.org/news/secadv_20120510.txt
13 years ago
Alejandro Mery
db7f67b9e0
openssl: Updated (1.0.1a -> 1.0.1b)
13 years ago
Alejandro Mery
8a6246f41b
openssl: Updated (1.0.1 -> 1.0.1a) [CVE-2012-2110]
13 years ago
Alejandro Mery
fbe76e3aff
openssl: Updated (1.0.0i -> 1.0.1)
13 years ago
Alejandro Mery
c3048c6931
openssl: Updated (1.0.0h -> 1.0.0i) [CVE-2012-2110]
13 years ago
Alejandro Mery
02dd623d9c
openssl: Updated (1.0.0g -> 1.0.0h)
13 years ago
Alejandro Mery
e60f2ab28e
openssl: Updated (1.0.0f -> 1.0.0g)
13 years ago
Christian Wiese
576141c53f
openssl: Updated (1.0.0e -> 1.0.0f)
13 years ago
Christian Wiese
86f545b40a
openssl: Updated (1.0.0d -> 1.0.0e) (SECURITY: CVE-2011-3207 CVE-2011-3210)
...
Note:
More information about the security fixes can be found here:
http://openssl.org/news/secadv_20110906.txt
13 years ago
Aldas Nabazas
1c15f21e13
openssl: Updated (1.0.0c -> 1.0.0d)
14 years ago
Aldas Nabazas
c37736347c
openssl: Updated (1.0.0b -> 1.0.0c)
14 years ago
Aldas Nabazas
19e59878d8
openssl: Updated (1.0.0a -> 1.0.0b)
14 years ago
Aldas Nabazas
0f65e1bd44
openssl: Updated (0.9.8o -> 1.0.0a)
14 years ago
Christian Wiese
b347aefe83
openssl: Updated (0.9.8n -> 0.9.8o) SECURITY! CVE-2010-1633
...
[IMPORTANT]
An invalid return value check in pkey_rsa_verifyrecover was discovered. When
verification recovery fails for RSA keys an uninitialised buffer with an
undefined length is returned instead of an error code. This could lead to an
information leak.
original advisory: http://www.openssl.org/news/secadv_20100601.txt
CVE-2010-1633: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1633
15 years ago
Christian Wiese
fd30227eb9
openssl: Updated (0.9.8m -> 0.9.8n) SECURITY! CVE-2010-0740
...
References
----------
This vulnerability is tracked as CVE-2010-0740.
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20100324.txt
15 years ago
Alejandro Mery
6f3bb12a2c
openssl: Updated (0.9.8l -> 0.9.8m) - SECURITY
15 years ago
Alejandro Mery
b4091f3692
openssl: Updated (0.9.8k -> 0.9.8l)
15 years ago
Alejandro Mery
3058b42617
openssl: updated download location
16 years ago
Alejandro Mery
fd5385da83
openssl: Updated (0.9.8j -> 0.9.8k) - SECURITY
...
http://www.openssl.org/news/secadv_20090325.txt
16 years ago
Alejandro Mery
fbdd53ef13
openssl: Updated (0.9.8i -> 0.9.8j) - SECURITY
16 years ago
Aldas Nabazas
8c81f02dac
openssl: Updated (0.9.8h -> 0.9.8i)
16 years ago
Aldas Nabazas
77aa0935f4
openssl: Updated (0.9.8g -> 0.9.8h) : SECURITY - MEDIUM
...
CVE-2008-1678 (Medium) :
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f
through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via
multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm.
17 years ago
Alejandro Mery
98010b4d95
[openssl] Marked to build on stage 1 when cross compiling
17 years ago
Alejandro Mery
d15769f41d
Removed trailing spaces massively, hoping to not break anything. Copyright notes not renewed
17 years ago
Christian Wiese
9132fd91d4
Took over maintainership of openssl package
17 years ago
Christian Wiese
53d97437eb
Updated openssl (0.9.8d -> 0.9.8g)
17 years ago
Alejandro Mery
12b79fecfa
* relocated current package database to the trunk of the package sub-project
...
git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago