Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id DD3F2AEAAC for ; Fri, 22 Aug 2014 17:13:40 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id AAE1F14A27F; Fri, 22 Aug 2014 17:13:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B91F414A27E for ; Fri, 22 Aug 2014 17:13:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id ag5GY617QYDs for ; Fri, 22 Aug 2014 17:13:35 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 261A014A274 for ; Fri, 22 Aug 2014 17:13:35 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 1AA2E96; Fri, 22 Aug 2014 17:13:35 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 22 Aug 2014 17:13:35 +0000 From: "Matthias Scheler" Subject: CVS commit: [pkgsrc-2014Q2] pkgsrc/emulators/suse131_openssl To: pkgsrc-changes@NetBSD.org Reply-To: tron@netbsd.org X-Mailer: log_accum Message-Id: <20140822171335.1AA2E96@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: tron Date: Fri Aug 22 17:13:35 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl [pkgsrc-2014Q2]: Makefile distinfo Log Message: Pullup ticket #4481 - requested by obache emulators/suse131_openssl: security update Revisions pulled up: - emulators/suse131_openssl/Makefile 1.10 - emulators/suse131_openssl/distinfo 1.10 --- Module Name: pkgsrc Committed By: obache Date: Fri Aug 22 08:43:09 UTC 2014 Modified Files: pkgsrc/emulators/suse131_openssl: Makefile distinfo Log Message: openSUSE Security Update: update for openssl ___________________________________________________________________________ ___ Announcement ID: openSUSE-SU-2014:1052-1 Rating: moderate References: #890764 #890765 #890766 #890767 #890768 #890769 #890770 #890771 #890772 Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 Affected Products: openSUSE 13.1 openSUSE 12.3 ___________________________________________________________________________ ___ An update that fixes 9 vulnerabilities is now available. Description: This openssl update fixes the following security issues: - openssl 1.0.1i * Information leak in pretty printing functions (CVE-2014-3508) * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) * Double Free when processing DTLS packets (CVE-2014-3505) * DTLS memory exhaustion (CVE-2014-3506) * DTLS memory leak from zero-length fragments (CVE-2014-3507) * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) * OpenSSL TLS protocol downgrade attack (CVE-2014-3511) * SRP buffer overrun (CVE-2014-3512) To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.9.2.1 pkgsrc/emulators/suse131_openssl/Makefile \ pkgsrc/emulators/suse131_openssl/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.