git: DragonFly_RELEASE_5_8 libressl: fix CVE-2020-1971

Daniel Fojt deef at crater.dragonflybsd.org
Fri Dec 11 01:59:08 PST 2020


commit b6b1b27b903dd02b59156058defc4804eda88f0c
Author: Daniel Fojt <df at neosystem.org>
Date:   Thu Dec 10 23:36:45 2020 +0100

    libressl: fix CVE-2020-1971
    
    Malformed ASN.1 in a certificate revocation list or a timestamp
    response token can lead to a NULL pointer dereference.

Summary of changes:
 crypto/libressl/crypto/asn1/asn1_err.c  |  3 +-
 crypto/libressl/crypto/asn1/asn1_lib.c  |  4 ++-
 crypto/libressl/crypto/asn1/tasn_dec.c  | 22 +++++++++++++-
 crypto/libressl/crypto/asn1/tasn_enc.c  | 21 ++++++++++++-
 crypto/libressl/crypto/x509v3/v3_genn.c | 52 +++++++++++++++++++++++++++++----
 crypto/libressl/include/openssl/asn1.h  |  3 +-
 6 files changed, 94 insertions(+), 11 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/b6b1b27b903dd02b59156058defc4804eda88f0c


-- 
DragonFly BSD source repository


More information about the Commits mailing list