Ubuntu
openssl package

Branches for Maverick

Name Status Last Modified Last Commit
lp://staging/ubuntu/maverick/openssl bug 2 Mature 2010-09-24 11:23:10 UTC
48. releasing version 0.9.8o-1ubuntu4

Author: Colin Watson
Revision Date: 2010-09-24 11:23:10 UTC

releasing version 0.9.8o-1ubuntu4
lp://staging/ubuntu/maverick-updates/openssl 2 Mature 2012-01-31 01:37:33 UTC
53. * SECURITY UPDATE: ECDSA private key ...

Author: Steve Beattie
Revision Date: 2012-01-31 01:37:33 UTC

* SECURITY UPDATE: ECDSA private key timing attack
  - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
    length
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
    safety
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - debian/patches/CVE-2011-4019.patch: only free domain policyin
    one location
  - CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
  servers by testing that the X server is not running (LP: #244250)
lp://staging/~nvalcarcel/ubuntu/maverick/openssl/openssl-merge bug 1 Development 2010-05-18 04:10:29 UTC
50. added configure.patch

Author: Nicolas Valcarcel
Revision Date: 2010-05-18 04:10:29 UTC

added configure.patch
lp://staging/ubuntu/maverick-security/openssl bug 1 Development 2012-02-09 22:13:49 UTC
53. * SECURITY UPDATE: ECDSA private key ...

Author: Steve Beattie
Revision Date: 2012-01-31 01:37:33 UTC

* SECURITY UPDATE: ECDSA private key timing attack
  - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
    length
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
    safety
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - debian/patches/CVE-2011-4019.patch: only free domain policyin
    one location
  - CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
  servers by testing that the X server is not running (LP: #244250)
14 of 4 results FirstPreviousNextLast