d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8978d9e7ef
freebsd-dev/crypto/openssl/ssl
History
Simon L. B. Nielsen 8978d9e7ef Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 
long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
2009-01-07 20:17:55 +00:00
..
bio_ssl.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
d1_both.c Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 2007-10-18 20:19:33 +00:00
d1_clnt.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
d1_enc.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
d1_lib.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
d1_meth.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
d1_pkt.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
d1_srvr.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
dtls1.h Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 2007-10-18 20:19:33 +00:00
kssl_lcl.h Vendor import of OpenSSL release 0.9.7. This release includes 2003-01-28 21:43:22 +00:00
kssl.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
kssl.h Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
Makefile Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
s2_clnt.c Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07 20:17:55 +00:00
s2_enc.c Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
s2_lib.c Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
s2_meth.c Resolve conflicts after import of OpenSSL 0.9.8b. 2006-07-29 19:14:51 +00:00
s2_pkt.c Resolve conflicts after import of OpenSSL 0.9.7d. 2004-03-17 17:44:39 +00:00
s2_srvr.c Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07 20:17:55 +00:00
s3_both.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
s3_clnt.c Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07 20:17:55 +00:00
s3_enc.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
s3_lib.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
s3_meth.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
s3_pkt.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
s3_srvr.c Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07 20:17:55 +00:00
s23_clnt.c Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
s23_lib.c Resolve conflicts after import of OpenSSL 0.9.8b. 2006-07-29 19:14:51 +00:00
s23_meth.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
s23_pkt.c Vendor import of OpenSSL release 0.9.7. This release includes 2003-01-28 21:43:22 +00:00
s23_srvr.c Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
ssl2.h Vendor import of OpenSSL release 0.9.7. This release includes 2003-01-28 21:43:22 +00:00
ssl3.h Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
ssl23.h
ssl_algs.c Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
ssl_asn1.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
ssl_cert.c Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
ssl_ciph.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
ssl_err2.c Vendor import of OpenSSL release 0.9.7. This release includes 2003-01-28 21:43:22 +00:00
ssl_err.c Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 2007-10-18 20:19:33 +00:00
ssl_lib.c Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers(). 2007-10-03 21:38:57 +00:00
ssl_locl.h Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
ssl_rsa.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
ssl_sess.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
ssl_stat.c Vendor import of OpenSSL release 0.9.7. This release includes 2003-01-28 21:43:22 +00:00
ssl_task.c Vendor import of OpenSSL release 0.9.7. This release includes 2003-01-28 21:43:22 +00:00
ssl_txt.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
ssl.h Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 2007-10-18 20:19:33 +00:00
ssltest.c Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 2009-01-07 20:17:55 +00:00
t1_clnt.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
t1_enc.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
t1_lib.c Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
t1_meth.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
t1_srvr.c Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
tls1.h Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00