Bug 217294 - security/linux-c6-openssl: update to 1.0.1e-48.el6_8.4
Summary: security/linux-c6-openssl: update to 1.0.1e-48.el6_8.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Tijl Coosemans
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-22 13:14 UTC by Piotr Kubaj
Modified: 2017-02-24 12:25 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (emulation)
pkubaj: merge-quarterly?


Attachments
patch (1.77 KB, patch)
2017-02-22 13:14 UTC, Piotr Kubaj
no flags Details | Diff
vuxml patch (1.77 KB, patch)
2017-02-22 13:14 UTC, Piotr Kubaj
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Kubaj freebsd_committer 2017-02-22 13:14:00 UTC
Created attachment 180215 [details]
patch

Changelog:
* An integer underflow leading to an out of bounds read flaw was found in
OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit
TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
(CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol defined
processing of ALERT packets during a connection handshake. A remote attacker
could use this flaw to make a TLS/SSL server consume an excessive amount of CPU
and fail to accept connections form other clients. (CVE-2016-8610)

Link: https://rhn.redhat.com/errata/RHSA-2017-0286.html

Builds fine with Poudriere on 10.3-RELEASE.
Comment 1 Piotr Kubaj freebsd_committer 2017-02-22 13:14:38 UTC
Created attachment 180216 [details]
vuxml patch
Comment 2 commit-hook freebsd_committer 2017-02-22 16:27:22 UTC
A commit references this bug:

Author: tijl
Date: Wed Feb 22 16:26:25 UTC 2017
New revision: 434592
URL: https://svnweb.freebsd.org/changeset/ports/434592

Log:
  Update to 1.0.1e-48.el6_8.4.

  PR:		217294
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  MFH:		2017Q1
  Security:	https://rhn.redhat.com/errata/RHSA-2017-0286.html

Changes:
  head/security/linux-c6-openssl/Makefile
  head/security/linux-c6-openssl/distinfo
Comment 3 commit-hook freebsd_committer 2017-02-24 11:22:05 UTC
A commit references this bug:

Author: tijl
Date: Fri Feb 24 11:21:18 UTC 2017
New revision: 434706
URL: https://svnweb.freebsd.org/changeset/ports/434706

Log:
  MFH: r434592

  Update to 1.0.1e-48.el6_8.4.

  PR:		217294
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  Security:	https://rhn.redhat.com/errata/RHSA-2017-0286.html
  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/security/linux-c6-openssl/Makefile
  branches/2017Q1/security/linux-c6-openssl/distinfo.i386
  branches/2017Q1/security/linux-c6-openssl/distinfo.x86_64