[OpenWrt-Devel] [CC 15.05] wolfssl: Security update (2 CVEs)
jow at openwrt.org
jow at openwrt.org
Wed Mar 2 05:23:10 EST 2016
The wolfssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.
VERSION
3.3.0-2 => 3.8.0-2
CHANGELOG
[Wed, 2 Mar 2016 10:01:48 +0000 cb7a26c]
Cyassl: disable Intel ASM for now
With ASM support enabled, CyaSSL fails to build on all x86 subtargets.
[Tue, 1 Mar 2016 22:50:29 +0000 eaa864e]
Backport of: r46167: cyassl: version bump to 3.4.6 r46168: cyassl:
update to wolfssl 3.6.0 r46551: cyassl: the upstream package in version
4.6.0 changed r47791: cyassl: update to wolfSSL version 3.7.0 This
version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
r48616: cyassl: update to wolfssl version 3.8.0
CHANGES
package/libs/cyassl/Makefile | 27 ++++++++++++-----
.../cyassl/patches/100-respect_cflags.patch | 11 -------
.../200-SSL_accept-handle-hello-garbage.patch | 13 --------
.../300-SSL_set_tlsext_host_name.patch | 23 +++++++++-----
.../400-additional_compatibility.patch | 12 ++++++++
5 files changed, 47 insertions(+), 39 deletions(-)
REFERENCES
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6925
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7744
* http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=eaa864e6c0d081b9745a38f806a0f6822f47454d
* http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cb7a26ca69e85585227134fc0f4ff756baac43e3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list