[3.2] openssl: Missing CRL sanity check (CVE-2016-7052)
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
OpenSSL 1.0.2i users should upgrade to 1.0.2j
Reference:
https://www.openssl.org/news/secadv/20160926.txt
(from redmine: issue id 6243, created on 2016-09-28, closed on 2016-10-18)
- Relations:
- parent #6240 (closed)
- Changesets:
- Revision 4376edf0 by Natanael Copa on 2016-10-18T09:07:28Z:
main/openssl: security upgrade to 1.0.2j (CVE-2016-7052)
fixes #6243