Bump openssl version to 1.0.2l (!1776) · Merge requests · GitLab.org / omnibus-gitlab

Balasankar C requested to merge bump-openssl into master Jul 20, 2017

Nothing looks problematic in upstream changelog.

## Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l
 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw
## Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k
 * Truncated packet could crash via OOB read (CVE-2017-3731)
 * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
 * Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Edited Jul 20, 2017 by Balasankar C

Admin message

Admin message

Bump openssl version to 1.0.2l

Merge request reports