Branches for Quantal

Author: Tyler Hicks
Revision Date: 2012-10-04 10:34:57 UTC

[ Tyler Hicks <tyhicks@canonical.com> ]
* debian/patches/tls12_workarounds.patch: Readd the change to check
  TLS1_get_client_version rather than TLS1_get_version to fix incorrect
  client hello cipher list truncation when TLS 1.1 and lower is in use.
  (LP: #1051892)

[ Micah Gersten <micahg@ubuntu.com> ]
* Mark Debian Vcs-* as XS-Debian-Vcs-*
  - update debian/control

Author: Seth Arnold
Revision Date: 2013-06-03 18:13:33 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

Author: Marc Deslauriers
Revision Date: 2014-05-02 15:27:44 UTC

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198