security/openssl: 1.0.1f - fixes 3 CVEs and a bug

Tue, 07 Jan 2014 23:16:01 -0800 

> Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
> 
>     - Don't include gmt_unix_time in TLS server and client random values
>     - Fix for TLS record tampering bug CVE-2013-4353
>     - Fix for TLS version checking bug CVE-2013-6449
>     - Fix for DTLS retransmission bug CVE-2013-6450 

https://www.openssl.org/news/openssl-1.0.1-notes.html

BR,
Barry Allard

---

Maintainer details:

http://www.openssl.org/source/openssl-1.0.1f.tar.gz

  sha256: 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
  sha1: 9ef09e97dfc9f14ac2c042f3b7e301098794fc0f

  gpg:
  http://www.openssl.org/source/openssl-1.0.1f.tar.gz.asc
  https://www.openssl.org/docs/misc/fingerprints.txt

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to