Ubuntu
openssl package

openssl 0.9.8a-7ubuntu0.2 source package in Ubuntu

Changelog

openssl (0.9.8a-7ubuntu0.2) dapper-security; urgency=low

  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

 -- Martin Pitt <email address hidden>   Wed, 27 Sep 2006 10:26:23 +0000

Upload details

Uploaded by:
Martin Pitt
Uploaded to:
Dapper
Original maintainer:
Debian OpenSSL Team
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssl_0.9.8a.orig.tar.gz 3.1 MiB 30f8f61fb1316f4fb51410c740b4879b8e26b417c8d870e486144b10b8041c73
openssl_0.9.8a-7ubuntu0.2.diff.gz 37.7 KiB a38023ae63388b008ee307e3ce38fc58d581ea37b2aded01c5f7cabedd9eee24
openssl_0.9.8a-7ubuntu0.2.dsc 816 bytes 9e7d0307ef715230cea24fbe7a14caae7492b3908f637beff27114d0b0b0ffd9

View changes file

Binary packages built by this source

libcrypto0.9.8-udeb: No summary available for libcrypto0.9.8-udeb in ubuntu dapper.

No description available for libcrypto0.9.8-udeb in ubuntu dapper.

libssl-dev: No summary available for libssl-dev in ubuntu dapper.

No description available for libssl-dev in ubuntu dapper.

libssl0.9.8: No summary available for libssl0.9.8 in ubuntu dapper.

No description available for libssl0.9.8 in ubuntu dapper.

libssl0.9.8-dbg: No summary available for libssl0.9.8-dbg in ubuntu dapper.

No description available for libssl0.9.8-dbg in ubuntu dapper.

openssl: No summary available for openssl in ubuntu dapper.

No description available for openssl in ubuntu dapper.