security/openssl: 1.0.1f - fixes 3 CVEs and a bug
Barry Allard
barry.allard at gmail.com
Wed Jan 8 07:14:50 UTC 2014
> Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
>
> - Don't include gmt_unix_time in TLS server and client random values
> - Fix for TLS record tampering bug CVE-2013-4353
> - Fix for TLS version checking bug CVE-2013-6449
> - Fix for DTLS retransmission bug CVE-2013-6450
https://www.openssl.org/news/openssl-1.0.1-notes.html
BR,
Barry Allard
---
Maintainer details:
http://www.openssl.org/source/openssl-1.0.1f.tar.gz
sha256: 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
sha1: 9ef09e97dfc9f14ac2c042f3b7e301098794fc0f
gpg:
http://www.openssl.org/source/openssl-1.0.1f.tar.gz.asc
https://www.openssl.org/docs/misc/fingerprints.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140107/89b422fa/attachment.sig>
More information about the freebsd-ports
mailing list