Change logs for openssl source package in Gutsy

  • openssl (0.9.8e-5ubuntu3.4) gutsy-security; urgency=low
    
      * SECURITY UPDATE: crash via invalid memory access when printing BMPString
        or UniversalString with invalid length
        - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
          return error if invalid length
        - CVE-2009-0590
        - http://www.openssl.org/news/secadv_20090325.txt
        - patch from upstream CVS:
          crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
          crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
          crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11
    
     -- Jamie Strandboge <email address hidden>   Thu, 26 Mar 2009 14:13:35 -0500
  • openssl (0.9.8e-5ubuntu3.3) gutsy-security; urgency=low
    
      * SECURITY UPDATE: clients treat malformed signatures as good when verifying
        server DSA and ECDSA certificates
        - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
          ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
          ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
        - patch based on upstream patch for #2008-016
        - CVE-2008-5077
    
     -- Jamie Strandboge <email address hidden>   Tue, 06 Jan 2009 01:02:51 -0600
  • openssl (0.9.8e-5ubuntu3.2) gutsy-security; urgency=high
    
      * SECURITY UPDATE: PRNG seeding was not fully operational.
      * crypto/rand/md_rand.c: restore upstream code.
    
     -- Kees Cook <email address hidden>   Thu, 08 May 2008 21:45:57 -0700
  • openssl (0.9.8e-5ubuntu3.1) gutsy-security; urgency=low
    
      * SECURITY UPDATE: DTLS implementation can lead to remote code execution.
      * ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
        fixes backported thanks to Ludwig Nussel.
      * References
        http://www.openssl.org/news/secadv_20071012.txt
        CVE-2007-4995
    
     -- Kees Cook <email address hidden>   Fri, 19 Oct 2007 09:59:38 -0700
  • openssl (0.9.8e-5ubuntu3) gutsy; urgency=low
    
      * Replace duplicate files in the doc directory with symlinks.
    
     -- Matthias Klose <email address hidden>   Thu, 04 Oct 2007 16:27:53 +0000
  • openssl (0.9.8e-5ubuntu2) gutsy; urgency=low
    
      [ Jamie Strandboge ]
      * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
        buffer overflow
      * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
        Stephan Hermann
      * References:
        CVE-2007-5135
        http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
        Fixes LP: #146269
      * Modify Maintainer value to match the DebianMaintainerField
        specification.
    
      [ Kees Cook ]
      * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
      * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
      * References
        CVE-2007-3108
    
     -- Kees Cook <email address hidden>   Fri, 28 Sep 2007 13:02:19 -0700
  • openssl (0.9.8e-5ubuntu1) gutsy; urgency=low
    
      * Configure: Add support for lpia.
      * Explicitly build using gcc-4.1 (PR other/31359).
    
     -- Matthias Klose <email address hidden>   Tue, 31 Jul 2007 12:47:38 +0000
  • openssl (0.9.8e-5) unstable; urgency=low
    
      [ Christian Perrier ]
      * Debconf templates proofread and slightly rewritten by
        the debian-l10n-english team as part of the Smith Review Project.
        Closes: #418584
      * Debconf templates translations:
        - Arabic. Closes: #418669
        - Russian. Closes: #418670
        - Galician. Closes: #418671
        - Swedish. Closes: #418679
        - Korean. Closes: #418755
        - Czech. Closes: #418768
        - Basque. Closes: #418784
        - German. Closes: #418785
        - Traditional Chinese. Closes: #419915
        - Brazilian Portuguese. Closes: #419959
        - French. Closes: #420429
        - Italian. Closes: #420461
        - Japanese. Closes: #420482
        - Catalan. Closes: #420833
        - Dutch. Closes: #420925
        - Malayalam. Closes: #420986
        - Portuguese. Closes: #421032
        - Romanian. Closes: #421708
    
      [ Kurt Roeckx ]
      * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
      * Updated Spanish debconf template.  (Closes: #421336)
      * Do the header changes, changing those defines into real functions,
        and bump the shlibs to match.
      * Update Japanese debconf translation.  (Closes: #422270)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  16 May 2007 07:55:35 +0100
  • openssl (0.9.8e-4) unstable; urgency=low
    
      * openssl should depend on libssl0.9.8 0.9.8e-1 since it 
        uses some of the defines that changed to functions.
        Other things build against libssl or libcrypto shouldn't 
        have this problem since they use the old headers.
        (Closes: #414283)
    
    openssl (0.9.8e-3) unstable; urgency=low
    
      * Add nagios-nrpe-server to the list of services to be checked
        (Closes: #391188)
      * EVP_CIPHER_CTX_key_length() should return the set key length in the
        EVP_CIPHER_CTX structure which may not be the same as the underlying
        cipher key length for variable length ciphers.
        From upstream CVS.  (Closes: #412979)
    
    openssl (0.9.8e-2) unstable; urgency=low
    
      * Undo include changes that change defines into real functions,
        but keep the new functions in the library.
    
    openssl (0.9.8e-1) unstable; urgency=low
    
      * New upstream release
        - Includes security fixes for CVE-2006-2937, CVE-2006-2940,
          CVE-2006-3738, CVE-2006-4343 (Closes: #408902)
        - s_client now properly works with SMTP.  Also added support
          for IMAP.  (closes: #221689)
        - Load padlock modules (Closes: #345656, #368476)
      * Add clamav-freshclam and clamav-daemon to the list of services that
        need to be restarted.  (Closes: #391191)
      * Add armel support.  Thanks to Guillem Jover <email address hidden>
        for the patch.  (Closes: #407196)
      * Add Portuguese translations.  Thanks to Carlos Lisboa.  (Closes: 408157)
      * Add Norwegian translations.  Thanks to Bjørn Steensrud
        <email address hidden> (Closes: #412326)
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  27 Apr 2007 00:57:43 +0100
  • openssl (0.9.8c-4build1) feisty; urgency=low
    
      * Rebuild for changes in the amd64 toolchain.
    
     -- Matthias Klose <email address hidden>   Mon,  5 Mar 2007 01:24:00 +0000