From c30d5eefc96925b4bef781806c7a0114eca1b8e0 Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Thu, 26 Jun 2014 09:30:29 +0200
Subject: Opdated to openssl-1.0.1h xkeyboard-config fontconfig libX11 libxcb
 xcb-proto mesa xserver git update 26 June 2014

xserver          commit a3b44ad8db1fa2f3b81c1ff9498f31c5323edd37
libxcb           commit 125135452a554e89e49448e2c1ee6658324e1095
libxcb/xcb-proto commit 84bfd909bc3774a459b11614cfebeaa584a1eb38
xkeyboard-config commit 39a226707b133ab5540c2d30176cb3857e74dcca
libX11           commit a4679baaa18142576d42d423afe816447f08336c
fontconfig       commit 274f2181f294af2eff3e8db106ec8d7bab2d3ff1
mesa             commit 9a8acafa47558cafeb37f80f4b30061ac1962c69
---
 openssl/CHANGES | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

(limited to 'openssl/CHANGES')

diff --git a/openssl/CHANGES b/openssl/CHANGES
index 4fcfd1d4b..d161ecaf2 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,50 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+     handshake can force the use of weak keying material in OpenSSL
+     SSL/TLS clients and servers.
+
+     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+     researching this issue. (CVE-2014-0224)
+     [KIKUCHI Masashi, Steve Henson]
+
+  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+     OpenSSL DTLS client the code can be made to recurse eventually crashing
+     in a DoS attack.
+
+     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+     (CVE-2014-0221)
+     [Imre Rad, Steve Henson]
+
+  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+     client or server. This is potentially exploitable to run arbitrary
+     code on a vulnerable client or server.
+
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
+
+  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+     are subject to a denial of service attack.
+
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     this issue. (CVE-2014-3470)
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
  Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
 
   *) A missing bounds check in the handling of the TLS heartbeat extension
-- 
cgit v1.2.3