- May 10, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
-
Dr. Stephen Henson authored
Make sure tkeylen is initialised properly when encrypting CMS messages.
-
- May 04, 2012
-
-
Richard Levitte authored
-
- Apr 23, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable. Fix by rejecting negative len parameter. Thanks to the many people who reported this bug and to Tomas Hoger <thoger@redhat.com> for supplying the fix.
-
- Apr 22, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Apr 19, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
-
- Apr 15, 2012
-
-
Dr. Stephen Henson authored
-
- Mar 31, 2012
-
-
Dr. Stephen Henson authored
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).
-
- Mar 18, 2012
-
-
Dr. Stephen Henson authored
the old code came from SSLeay days before TLS was even supported.
-
- Mar 12, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
continue with symmetric decryption process to avoid leaking timing information to an attacker. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Mar 09, 2012
-
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.
-
- Mar 08, 2012
-
-
Dr. Stephen Henson authored
-
- Mar 07, 2012
-
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions. [0.9.8 version of patch]
-
- Mar 06, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.
-
Dr. Stephen Henson authored
Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug. [from HEAD]
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.
-
- Feb 28, 2012
-
-
Dr. Stephen Henson authored
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
-