- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)

- fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940)
2006-09-28 19:58:49 +00:00 · 2006-09-28 19:58:49 +00:00 · cd294fcd2a
commit cd294fcd2a
parent ba40f6bb66
1 changed files with 15 additions and 1 deletions
--- a/openssl.spec
+++ b/openssl.spec
@ -56,6 +56,10 @@ Patch53: openssl-0.9.8b-bn-threadsafety.patch
 Patch54: openssl-0.9.8b-aes-cachecol.patch
 Patch55: openssl-0.9.8b-pkcs7-leak.patch
 Patch56: openssl-0.9.8b-cve-2006-4339.patch
 Patch57: openssl-0.9.8b-cve-2006-2937.patch
 Patch58: openssl-0.9.8b-cve-2006-2940.patch
 Patch59: openssl-0.9.8b-cve-2006-3738.patch
 Patch60: openssl-0.9.8b-cve-2006-4343.patch
 License: BSDish
 Group: System Environment/Libraries
@ -121,6 +125,10 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch54 -p1 -b .cachecol
 %patch55 -p1 -b .pkcs7-leak
 %patch56 -p1 -b .short-padding
 %patch57 -p1 -b .asn1-error
 %patch58 -p0 -b .parasitic
 %patch59 -p0 -b .shared-ciphers
 %patch60 -p0 -b .client-dos
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@ -355,7 +363,13 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 %postun -p /sbin/ldconfig
 %changelog
-* Tue Sep  9 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-6
+* Mon Sep 25 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-7
 - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
 - fix CVE-2006-2940 - parasitic public keys DoS (#207274)
 - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
 - fix CVE-2006-4343 - sslv2 client DoS (#206940)
 * Tue Sep  5 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-6
 - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
 * Wed Aug  2 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-5