granicus.if.org Git - openssl/commit

]> granicus.if.org Git - openssl/commit

author	Mark J. Cox <mark@openssl.org>
	Thu, 28 Sep 2006 11:29:03 +0000 (11:29 +0000)
committer	Mark J. Cox <mark@openssl.org>
	Thu, 28 Sep 2006 11:29:03 +0000 (11:29 +0000)
commit	951dfbb13a79bff82cef8096d2c93bc2d65a7525
tree	abc7f989e18378c7c06a5eecf6f23257fb42f53a	tree \| snapshot
parent	81780a3b6290836f3ef64eafe7143e892e7fa5cc	commit \| diff

Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 files changed:

CHANGES		diff \| blob \| history
NEWS		diff \| blob \| history
crypto/asn1/tasn_dec.c		diff \| blob \| history
crypto/dh/dh.h		diff \| blob \| history
crypto/dh/dh_err.c		diff \| blob \| history
crypto/dh/dh_key.c		diff \| blob \| history
crypto/dsa/dsa.h		diff \| blob \| history
crypto/dsa/dsa_err.c		diff \| blob \| history
crypto/dsa/dsa_ossl.c		diff \| blob \| history
crypto/ec/ec.h		diff \| blob \| history
crypto/ec/ec_asn1.c		diff \| blob \| history
crypto/ec/ec_err.c		diff \| blob \| history
crypto/rsa/rsa.h		diff \| blob \| history
crypto/rsa/rsa_eay.c		diff \| blob \| history
crypto/rsa/rsa_err.c		diff \| blob \| history
ssl/s2_clnt.c		diff \| blob \| history
ssl/s3_srvr.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom