mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2026-02-06 12:10:53 +01:00
df6db01f4f
This release incorporates the following bug fixes and mitigations: fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. (CVE-2025-11187) fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467) fixed NULL dereference in SSL_CIPHER_find () function on unknown cipher ID. (CVE-2025-15468) fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB. (CVE-2025-15469) fixed TLS 1.3 CompressedCertificate excessive memory allocation. (CVE-2025-66199) fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160) fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418) fixed Out of bounds write in PKCS12_get_friendlyname () UTF-8 conversion. (CVE-2025-69419) fixed Missing ASN1_TYPE validation in TS_RESP_verify_response () function. (CVE-2025-69420) fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex () function. (CVE-2025-69421) fixed Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795) fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes () function. (CVE-2026-22796) Adjust patches due to formatting changes. Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Link: https://github.com/openwrt/openwrt/pull/21752 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> |
||
|---|---|---|
| .. | ||
| 010-fix-aes-gcm-siv-cipher.patch | ||
| 100-Configure-afalg-support.patch | ||
| 110-openwrt_targets.patch | ||
| 120-strip-cflags-from-binary.patch | ||
| 130-dont-build-fuzz-docs.patch | ||
| 140-allow-prefer-chacha20.patch | ||
| 150-openssl.cnf-add-engines-conf.patch | ||
| 500-e_devcrypto-default-to-not-use-digests-in-engine.patch | ||
| 510-e_devcrypto-ignore-error-when-closing-session.patch | ||