Return to errata57.html CVS log | Up to [local] / www |
version 1.14, 2015/06/11 18:10:53 | version 1.15, 2015/06/11 22:45:21 | ||
---|---|---|---|
|
|
||
<li>CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time | <li>CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time | ||
<li>CVE-2015-1792 - CMS verify infinite loop with unknown hash function | <li>CVE-2015-1792 - CMS verify infinite loop with unknown hash function | ||
</ul> | </ul> | ||
Note that CMS was already disabled in LibreSSL. | |||
Several other issues did not apply or were already fixed and one is under review.<br> | |||
For more information, see the | |||
<a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. | |||
<br> | |||
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig"> | <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig"> | ||
A source code patch exists which remedies this problem.</a> | A source code patch exists which remedies this problem.</a> | ||
<p> | <p> |