[ubuntu/groovy-security] openssl 1.1.1f-1ubuntu4.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Mar 25 14:23:01 UTC 2021
openssl (1.1.1f-1ubuntu4.3) groovy-security; urgency=medium
* SECURITY UPDATE: NULL pointer deref in signature_algorithms processing
- debian/patches/CVE-2021-3449-1.patch: fix NULL pointer dereference in
ssl/statem/extensions.c.
- debian/patches/CVE-2021-3449-2.patch: teach TLSProxy how to encrypt
<= TLSv1.2 ETM records in util/perl/TLSProxy/Message.pm.
- debian/patches/CVE-2021-3449-3.patch: add a test to
test/recipes/70-test_renegotiation.t.
- debian/patches/CVE-2021-3449-4.patch: ensure buffer/length pairs are
always in sync in ssl/s3_lib.c, ssl/ssl_lib.c,
ssl/statem/extensions.c, ssl/statem/extensions_clnt.c,
ssl/statem/statem_clnt.c, ssl/statem/statem_srvr.c.
- CVE-2021-3449
Date: 2021-03-23 11:07:09.878875+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Groovy-changes
mailing list