Bug 217294

Summary: security/linux-c6-openssl: update to 1.0.1e-48.el6_8.4
Product: Ports & Packages Reporter: Piotr Kubaj <pkubaj>
Component: Individual Port(s)Assignee: Tijl Coosemans <tijl>
Status: Closed FIXED    
Severity: Affects Only Me CC: pkubaj
Priority: --- Flags: bugzilla: maintainer-feedback? (emulation)
pkubaj: merge-quarterly?
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch
none
vuxml patch none

Description Piotr Kubaj freebsd_committer freebsd_triage 2017-02-22 13:14:00 UTC 
Created attachment 180215 [details]
patch

Changelog:
* An integer underflow leading to an out of bounds read flaw was found in
OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit
TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
(CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol defined
processing of ALERT packets during a connection handshake. A remote attacker
could use this flaw to make a TLS/SSL server consume an excessive amount of CPU
and fail to accept connections form other clients. (CVE-2016-8610)

Link: https://rhn.redhat.com/errata/RHSA-2017-0286.html

Builds fine with Poudriere on 10.3-RELEASE.
Comment 1 Piotr Kubaj freebsd_committer freebsd_triage 2017-02-22 13:14:38 UTC 
Created attachment 180216 [details]
vuxml patch
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-02-22 16:27:22 UTC 
A commit references this bug:

Author: tijl
Date: Wed Feb 22 16:26:25 UTC 2017
New revision: 434592
URL: https://svnweb.freebsd.org/changeset/ports/434592

Log:
  Update to 1.0.1e-48.el6_8.4.

  PR:		217294
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  MFH:		2017Q1
  Security:	https://rhn.redhat.com/errata/RHSA-2017-0286.html

Changes:
  head/security/linux-c6-openssl/Makefile
  head/security/linux-c6-openssl/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-02-24 11:22:05 UTC 
A commit references this bug:

Author: tijl
Date: Fri Feb 24 11:21:18 UTC 2017
New revision: 434706
URL: https://svnweb.freebsd.org/changeset/ports/434706

Log:
  MFH: r434592

  Update to 1.0.1e-48.el6_8.4.

  PR:		217294
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  Security:	https://rhn.redhat.com/errata/RHSA-2017-0286.html
  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/security/linux-c6-openssl/Makefile
  branches/2017Q1/security/linux-c6-openssl/distinfo.i386
  branches/2017Q1/security/linux-c6-openssl/distinfo.x86_64