Skip to content
  1. Jun 05, 2014
    • Dr. Stephen Henson's avatar
      Additional CVE-2014-0224 protection. · a7c682fb
      Dr. Stephen Henson authored
      Return a fatal error if an attempt is made to use a zero length
      master secret.
      (cherry picked from commit 006cd708)
      a7c682fb
    • Dr. Stephen Henson's avatar
      Fix CVE-2014-0221 · b4322e1d
      Dr. Stephen Henson authored
      Unnecessary recursion when receiving a DTLS hello request can be used to
      crash a DTLS client. Fixed by handling DTLS hello request without recursion.
      
      Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
      (cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
      b4322e1d
    • Dr. Stephen Henson's avatar
      Fix CVE-2014-3470 · a5362db4
      Dr. Stephen Henson authored
      Check session_cert is not NULL before dereferencing it.
      (cherry picked from commit 8011cd56)
      a5362db4
  2. Jun 04, 2014
  3. Jun 03, 2014
  4. Jun 02, 2014
  5. Jun 01, 2014