K 10
svn:author
V 7
delphij
K 8
svn:date
V 27
2016-03-07T16:18:07.152636Z
K 7
svn:log
V 752
Fix multiple OpenSSL vulnerabilities as published in
OpenSSL advisory on 2016/03/01:

constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
[CVE-2016-0702, upstream d6482a8. 5ea08bd, d6d422e,
8fc8f48 317be63 skipped intentionally as we are not
using the code on FreeBSD.  Backport done by jkim@.

Fix memory issues in BIO_*printf functions.
[CVE-2016-0799, upstream d889682, a801bf2].

Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption.
[CVE-2016-0797, upstream 8f65132].

Disable SSLv2 in default negotiation and weak ciphers.
[CVE-2016-0800 "DROWN", upstream 56f1acf5].  Note that
support of SSLv2 is not removed in order to preserve
ABI compatibility, and application may still explicitly
ask for vulnerable protocol or ciphers.

In collaboration with: jkim

END