[arch-dev-public] [signoff] openssl 1.0.0a-3
Pierre Schmitz
pierre at archlinux.de
Tue Aug 10 07:08:31 EDT 2010
Hello,
there was a double free issue discovered in openssl. This might be used
for remote code injection/execution. See
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html
or
http://www.heise.de/security/meldung/Schwachstelle-in-OpenSSL-1-0-x-1053085.html
I have applied the proposed upstream patch
http://marc.info/?l=openssl-dev&m=128129628800826&w=2 (it's not in cvs
yet though, but at least it should not harm) Of course the test suite is
still passed and the mention cert no longer crashes openssl.
Please sign off.
Pierre
--
Pierre Schmitz, https://users.archlinux.de/~pierre
More information about the arch-dev-public
mailing list