[MacPorts] #55264: libressl @2.5.5: update to 2.6.5 (was: libressl @2.5.5: update to 2.6.4)
MacPorts
noreply at macports.org
Sun Jul 1 01:36:09 UTC 2018
#55264: libressl @2.5.5: update to 2.6.5
-----------------------+----------------------
Reporter: l2dy | Owner: jeremyhu
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords: security
Port: libressl |
-----------------------+----------------------
Changes (by l2dy):
* keywords: => security
Comment:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt
>We have released LibreSSL 2.6.5, a security update for the
>2.6.x series. It contains the following changes:
>
> * Avoid a timing side-channel leak when generating DSA and ECDSA
> signatures. This is caused by an attempt to do fast modular
> arithmetic, which introduces branches that leak information
> regarding secret values. Issue identified and reported by Keegan
> Ryan of NCC Group.
>
> * Reject excessively large primes in DH key generation. Problem
> reported by Guido Vranken to OpenSSL
> (https://github.com/openssl/openssl/pull/6457) and based on his
> diff.
--
Ticket URL: <https://trac.macports.org/ticket/55264#comment:17>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list