Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 17862
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Daniel Ahlberg (RETIRED) <aliz@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 17862 depends on: Show dependency tree
Bug 17862 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2003-03-20 04:20 0000 
[prev in list] [next in list] [prev in thread] [next in thread]  
 
List:     apache-modssl 
Subject:  [ANNOUNCE] mod_ssl 2.8.13 
From:     "Ralf S. Engelschall" <rse () engelschall ! com> 
Date:     2003-03-18 14:43:16 
[Download message RAW] 
 
Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to 
you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it 
from the following locations: 
 
o http://www.modssl.org/source/ 
o  ftp://ftp.modssl.org/source/ 
 
Yours, 
                                       Ralf S. Engelschall 
                                       rse@engelschall.com 
                                       www.engelschall.com 
 
  Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003) 
 
   *) Always enforce RSA blinding on RSA private keys in order to be 
      resistent to timing attacks. 
 
   *) Added timeout also to the "pre-sucking" of the trailing data in 
      POST request handling. 
 
   *) Correctly shutdown shared memory pools on fork+exec situations. 
 
   *) Bugfix SSL client certificate verification: OpenSSL was not 
      informed with SSL_set_verify_result(ssl, X509_V_OK) in case 
      mod_ssl forced the verification to be ok. 
 
   *) Consistently use OPENSSL_free() instead of plain free() to 
      deallocate memory chunks allocated inside OpenSSL. 
 
   *) Fixed various memory leaks related to X509 certificates. 
______________________________________________________________________ 
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org 
Official Announcement Mailing List          modssl-announce@modssl.org 
Automated List Manager                            majordomo@modssl.org 
[prev in list] [next in list] [prev in thread] [next in thread]  
 
 
 Configure Your Environment | About MARC | We're Hiring! | Want to add a list? Tell us about it. | 
10East

------- Comment #1 From Richard Liu 2003-03-24 22:18:37 0000 ------- 
Today is 2003/03/25 
but mod_ssl in portage not upgrade 

brief changlog 
======
   *) Fixed logic in the destruction of a temporary certificate
      structure and this way avoid a crash due to freeing NULL object.

   *) Removed one newly introduced X509_free() call in the context of
      SSL_get_certificate(), because this function does not increment a
      reference count (although SSL_get_peer_certificate() does).

   *) Fixed hash-table based shared memory session cache (shmht)
      implementation by making sure that the underlying hash table
      library does not crash if memory cannot be allocated.
=========

------- Comment #2 From Daniel Ahlberg (RETIRED) 2003-03-25 05:14:35 0000 ------- 
glsa sent
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug