- 23 Apr, 2012 6 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. Thanks to the many people who reported this bug and to Tomas Hoger <thoger@redhat.com> for supplying the fix.
-
- 22 Apr, 2012 2 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- 19 Apr, 2012 5 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
-
- 15 Apr, 2012 1 commit
-
-
Dr. Stephen Henson authored
-
- 31 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).
-
- 18 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
the old code came from SSLeay days before TLS was even supported.
-
- 12 Mar, 2012 8 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- 09 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.
-
- 08 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
-
- 07 Mar, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. [0.9.8 version of patch]
-
- 06 Mar, 2012 6 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.
-
Dr. Stephen Henson authored
Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. [from HEAD]
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.
-
- 28 Feb, 2012 1 commit
-
-
Dr. Stephen Henson authored
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
-
- 27 Feb, 2012 2 commits
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
-
- 23 Feb, 2012 1 commit
-
-
Dr. Stephen Henson authored
Submitted by: Tomas Mraz <tmraz@redhat.com> Tolerate bad MIME headers in parser.
-
- 16 Feb, 2012 1 commit
-
-
Dr. Stephen Henson authored
before rejecting multiple SGC restarts.
-
- 11 Feb, 2012 2 commits
-
-
Dr. Stephen Henson authored
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com> Fix some memory and resource leaks in CAPI ENGINE.
-
Dr. Stephen Henson authored
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com> Only create ex_data indices once for CAPI engine.
-