upgrade to OpenSSL 1.0.2i
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

* SSL_peek() hang on empty record (CVE-2016-6305)

* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* Pointer arithmetic undefined behaviour (CVE-2016-2177)
* Constant time flag not preserved in DSA signing (CVE-2016-2178)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
* Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
* Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

https://www.openssl.org/news/secadv/20160922.txt

Signed-off-by: Robb Kidd <rkidd@chef.io>
robbkidd committed Sep 22, 2016
1 parent be7bf10 commit 7aee4c5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion omnibus/config/projects/supermarket.rb
Expand Up @@ -34,7 +34,7 @@
override :git, version: "2.2.1"
override :'chef-gem', version: '12.13.37'
override :redis, version: '2.8.21'
override :openssl, version: '1.0.2h'
override :openssl, version: '1.0.2i'

# pin berks to keep net-ssh at 2.9.2 as expected by Supermarket
# chef, net-ssh, berks and rspec have gotten tangled
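Review bot: The new `override :openssl, version: '1.0.2i'` line has no comment saying why it is pinned, while the berks pin a few lines below carries one. The security reason for this bump lives only in the commit message. Consider a one-line comment above the override pointing at https://www.openssl.org/news/secadv/20160922.txt, so a later edit to this block does not move the pin back to an affected release unnoticed. It would also help to state in the PR how the built package was checked to actually ship 1.0.2i, since the diff changes only the requested version string.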