From 2176e0cd52d68263d3d2ff39461442b734360fe1 Mon Sep 17 00:00:00 2001
From: simon <simon@FreeBSD.org>
Date: Thu, 1 Apr 2010 15:19:51 +0000
Subject: Merge OpenSSL 0.9.8n into head.

This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.

I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.

Security:	CVE-2010-0433, CVE-2010-0740
Security:	http://www.openssl.org/news/secadv_20100324.txt
---
 crypto/openssl/CHANGES | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'crypto/openssl/CHANGES')

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 97b3810..b350da7 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,21 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl@chromium.org>]
+
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
+
  Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
 
   *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
-- 
cgit v1.1