-
Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.9.8e-29
- Mass rebuild 2014-01-24
-
Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.9.8e-28
- Mass rebuild 2013-12-27
-
Wed Jul 17 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB
environment variable is set (fixes CVE-2012-4929 #857051)
- use secure_getenv() everywhere instead of getenv() (#839735)
-
Wed Jun 20 2012 Tomas Mraz <tmraz@redhat.com> 0.9.8e-26
- merge fixes from the latest openssl-0.9.8e package
-
Fri Apr 20 2012 Tomas Mraz <tmraz@redhat.com> 0.9.8e-18
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
-
Fri Apr 16 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-17
- create compat package
-
Fri Mar 12 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-16
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
-
Thu Mar 04 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-15
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which
in the RHEL-5 and newer versions will crash in such case (#569774)
-
Thu Feb 18 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-14
- fix CVE-2009-3555 - support the safe renegotiation extension and
do not allow legacy renegotiation on the server by default (#533125)
-
Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 0.9.8e-13
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data()
is called prematurely by application (#546707)