security/openssl: 1.0.1f - fixes 3 CVEs and a bug

Barry Allard barry.allard at gmail.com
Wed Jan 8 07:14:50 UTC 2014


> Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
> 
>     - Don't include gmt_unix_time in TLS server and client random values
>     - Fix for TLS record tampering bug CVE-2013-4353
>     - Fix for TLS version checking bug CVE-2013-6449
>     - Fix for DTLS retransmission bug CVE-2013-6450 

https://www.openssl.org/news/openssl-1.0.1-notes.html

BR,
Barry Allard

---

Maintainer details:

http://www.openssl.org/source/openssl-1.0.1f.tar.gz

  sha256: 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
  sha1: 9ef09e97dfc9f14ac2c042f3b7e301098794fc0f

  gpg:
  http://www.openssl.org/source/openssl-1.0.1f.tar.gz.asc
  https://www.openssl.org/docs/misc/fingerprints.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140107/89b422fa/attachment.sig>


More information about the freebsd-ports mailing list