[openssl/openssl] fe3b63: Fix CVE-2022-3602 in punycode decoder.
Tomáš Mráz
noreply at github.com
Tue Nov 1 15:56:02 UTC 2022
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: fe3b639dc19b325846f4f6801f2f4604f56e3de3
https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
Author: Pauli <pauli at openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M crypto/punycode.c
Log Message:
-----------
Fix CVE-2022-3602 in punycode decoder.
An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: c42165b5706e42f67ef8ef4c351a9a4c5d21639a
https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a
Author: Pauli <pauli at openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M crypto/punycode.c
Log Message:
-----------
Fix CVE-2022-3786 in punycode decoder.
Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).
The function also did not NUL-terminate the output in some cases.
The two issues fixed here were identified and reported
by Viktor Dukhovni while researching CVE-2022-3602.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: f0f530216bf93e9cdc9c2c9e3c095229d216da15
https://github.com/openssl/openssl/commit/f0f530216bf93e9cdc9c2c9e3c095229d216da15
Author: Pauli <pauli at openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M test/build.info
A test/punycode_test.c
A test/recipes/04-test_punycode.t
Log Message:
-----------
punycode: add unit tests
These tests verify basic functionality and specifically test for
CVE-2022-3602.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: cf889ec8d9e9bb89f012b4e610c702e2656674fd
https://github.com/openssl/openssl/commit/cf889ec8d9e9bb89f012b4e610c702e2656674fd
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M CHANGES.md
M NEWS.md
Log Message:
-----------
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Commit: 2fa4bde72648ad2960c46eab4ef0cf412cf598a8
https://github.com/openssl/openssl/commit/2fa4bde72648ad2960c46eab4ef0cf412cf598a8
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M apps/openssl.c
M crypto/punycode.c
M crypto/txt_db/txt_db.c
M crypto/x509/x_name.c
M doc/man1/openssl-list.pod.in
M doc/man3/CMS_add0_cert.pod
M doc/man3/CMS_verify.pod
M doc/man3/DEFINE_STACK_OF.pod
M doc/man3/OPENSSL_init_crypto.pod
M doc/man3/PKCS7_sign.pod
M doc/man3/PKCS7_sign_add_signer.pod
M doc/man3/PKCS7_verify.pod
M doc/man7/EVP_CIPHER-AES.pod
M doc/man7/EVP_MD-RIPEMD160.pod
M include/openssl/err.h.in
M providers/defltprov.c
M providers/implementations/rands/seeding/rand_vms.c
M test/recipes/30-test_evp_data/evpmd_ripemd.txt
M test/recipes/70-test_key_share.t
M test/recipes/95-test_external_pyca_data/cryptography.sh
M test/recordlentest.c
M test/sslcorrupttest.c
M test/testutil/driver.c
Log Message:
-----------
Update copyright year
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Commit: 4539f7486b857a1e3fb58e109964f3d31def23f4
https://github.com/openssl/openssl/commit/4539f7486b857a1e3fb58e109964f3d31def23f4
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M providers/fips-sources.checksums
M providers/fips.checksum
Log Message:
-----------
make update
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Commit: 19cc035b6c6f2283573d29c7ea7f7d675cf750ce
https://github.com/openssl/openssl/commit/19cc035b6c6f2283573d29c7ea7f7d675cf750ce
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M CHANGES.md
M NEWS.md
M VERSION.dat
Log Message:
-----------
Prepare for release of 3.0.7
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Commit: 7bfbf68ad045d4e19ca4a8ca1ef2aedbd06ff039
https://github.com/openssl/openssl/commit/7bfbf68ad045d4e19ca4a8ca1ef2aedbd06ff039
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)
Changed paths:
M CHANGES.md
M NEWS.md
M VERSION.dat
Log Message:
-----------
Prepare for 3.0.8
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Compare: https://github.com/openssl/openssl/compare/4bae06d47ae2...7bfbf68ad045