Projects / mod_ssl / Releases / Minor security fixes

RSS All releases tagged Minor security fixes

  •  02 Sep 2005 14:46

Release Notes: A security issue (CAN-2005-2700) has been fixed where "SSLVerifyClient require" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the global virtual host configuration.

  •  17 Jul 2004 03:50

Release Notes: Fixed a security bug caused by a format string vulnerability.

  •  24 Jun 2002 08:38

Release Notes: An off-by-one buffer overflow bug in the compatibility functionality (mapping of old directives to new ones) was fixed. A memory leak in processing of CA certificates was fixed. In case there is actually a certificate chain in the session cache, the value of SSL_get_peer_certificate(ssl) is now used to verify, as it will have been removed from the chain before it was put in the cache. The PRNG is now seeded with a maximum of 1K from the internal scoreboard.

  •  23 Feb 2002 14:55

Release Notes: Support for the latest OpenSSL 0.9.7 snapshots, a fix for a potential buffer overflow in DBM and SHMHT session cache if very large certificate chains are used, compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete "head -1" and "tail -1" constructs with sed variants in scripts, and a fix for file descriptor leakage under Win32.


Project Spotlight


A news reader.


Project Spotlight

Mutt Folder List

A mutt patch that adds a sidebar showing all mail folders.