openssl_3_0: 3.0.2 -> 3.0.3

- The c_rehash script allows command injection (CVE-2022-1292)
- OCSP_basic_verify may incorrectly verify the response signing
  certificate (CVE-2022-1343)
- Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
- Resource leakage when decoding certificates and keys (CVE-2022-1473)

https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html

Fixes: CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
Martin Weinelt 2 years ago committed by Vladimír Čunát
parent 532330778c
commit c62eceb91e
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
pkgs/development/libraries/openssl/default.nix (4 changed lines)

@ -193,8 +193,8 @@ in {
};
openssl_3_0 = common {
version = "3.0.2";
sha256 = "sha256-mOkczq1NR1auPJzeXgkZGo5YbZ9NUIOOfsCdZBHf22M=";
version = "3.0.3";
sha256 = "sha256-7gB4rc7x3l8APGLIDMllJ3IWCcbzu0K3eV3zH4tVjAs=";
patches = [
./3.0/nix-ssl-cert-file.patch
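
Review bot: The new `sha256` value paired with `version = "3.0.3"` cannot be checked from the diff itself, so confirm it against the SHA-256 that upstream publishes for the 3.0.3 source tarball before merging, and consider stating in the commit message how it was obtained. The `patches` list below it is carried over unchanged, so also confirm that `./3.0/nix-ssl-cert-file.patch` still applies cleanly to the 3.0.3 sources.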
