Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / f2ee5ff35ed7f2d8743bf56059a1d6d88a2383c3^! / .
commitf2ee5ff35ed7f2d8743bf56059a1d6d88a2383c3[log] [tgz]
authorBrian Carlstrom <bdc@google.com>Tue Mar 30 09:41:16 2010 -0700
committerBrian Carlstrom <bdc@google.com>Tue Mar 30 09:41:16 2010 -0700
tree89fd6d16a91934ebf24836dd20cd436361b371b4
parentcb10715cbfca3534fb93aef2a3bc2e15265524d1 [diff]
Update external/openssl with Common Vulnerabilities and Exposures (CVE) information

Change-Id: If7d1a6d23fc1aaba72d4de713b0fdbf367560a30

diff --git a/README.android b/README.android
index cc43cac..7944ebb 100644
--- a/README.android
+++ b/README.android

@@ -3,6 +3,8 @@
 
 The code in this directory is based on $OPENSSL_VERSION in the file
 openssl.config, and some backported OpenSSL code in crypto/0.9.9-dev.
+See patches/README for more information on how the code differs from
+$OPENSSL_VERSION.
 
 Porting New Versions of OpenSSL.
 --

diff --git a/patches/README b/patches/README
index 98b8b75..3ad05a5 100644
--- a/patches/README
+++ b/patches/README

@@ -34,6 +34,7 @@
 
 bad_version.patch
 
+Addresses CVE-2010-0740 http://www.openssl.org/news/secadv_20100324.txt
 A peer can send us a mal-formed packet and we'll copy its 'version'
 number in order to send an error back. However, if the version number
 is an internal OpenSSL value (like DTLS1_VERSION) then we'll assume