[tor-commits] [tor/release-0.2.2] Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066
arma at torproject.org
arma at torproject.org
Wed Feb 29 18:25:44 UTC 2012
commit 2da0efb547b70a7caed59097036d1e59859a4b35
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Feb 10 10:55:39 2012 -0500
Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066
---
src/common/tortls.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index d766377..4c9d218 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -72,7 +72,7 @@
(OPENSSL_VERSION_NUMBER >= 0x00909000L && \
OPENSSL_VERSION_NUMBER < 0x1000006fL))
/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
- * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
+ * the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
* SSL3 safely at the same time.
*/
#define DISABLE_SSL3_HANDSHAKE
@@ -797,9 +797,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
SSLeay() < 0x0090813fL ||
(SSLeay() >= 0x00909000L &&
SSLeay() < 0x1000006fL)) {
- /* And not SSL3 if it's subject to CVE-2011-4657. */
+ /* And not SSL3 if it's subject to CVE-2011-4576. */
log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
- "might otherwise be vulnerable to CVE-2011-4657 "
+ "might otherwise be vulnerable to CVE-2011-4576 "
"(compile-time version %08lx (%s); "
"runtime version %08lx (%s))",
(unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
More information about the tor-commits
mailing list