openssl

Commit Graph

Author	SHA1	Message	Date
Tomas Mraz	546bf977b5	Fix multiple security issues. - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function - add missing parts of CVE-2015-0209 fix for corectness although unexploitable	2015-06-15 17:09:29 +02:00
Tomas Mraz	729d2d0e11	Multiple security issues fixed. - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0293 - triggerable assert in SSLv2 server	2015-03-19 18:08:12 +01:00

Author

SHA1

Message

Date

Tomas Mraz

546bf977b5

Fix multiple security issues.

- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable

2015-06-15 17:09:29 +02:00

Tomas Mraz

729d2d0e11

Multiple security issues fixed.

- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption
- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data
- fix CVE-2015-0293 - triggerable assert in SSLv2 server

2015-03-19 18:08:12 +01:00

2 Commits