Branches for Raring

Name Status Last Modified Last Commit
lp://staging/ubuntu/raring/openssl 2 Mature 2013-03-19 14:33:14 UTC
93. * SECURITY UPDATE: "Lucky Thirteen" t...

Author: Marc Deslauriers
Revision Date: 2013-03-19 14:33:14 UTC

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
    commit from upstream to fix regression.
  - CVE-2013-0169

lp://staging/ubuntu/raring-proposed/openssl 2 Mature 2013-12-11 06:24:52 UTC
94. * SECURITY UPDATE: Disable compressio...

Author: Seth Arnold
Revision Date: 2013-06-03 18:13:47 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

lp://staging/ubuntu/raring-security/openssl bug 2 Mature 2014-01-08 14:55:58 UTC
95. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-01-08 14:55:58 UTC

* SECURITY UPDATE: denial of service via invalid TLS handshake
  - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
    ssl/s3_both.c.
  - CVE-2013-4353
* SECURITY UPDATE: denial of service via incorrect data structure
  - debian/patches/CVE-2013-6449.patch: check for handshake digests in
    ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
    ssl/s3_lib.c.
  - CVE-2013-6449
* SECURITY UPDATE: denial of service via DTLS retransmission
  - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
    crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
    ssl/ssl_locl.h,ssl/t1_enc.c.
  - CVE-2013-6450
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
  default unless explicitly requested.

lp://staging/ubuntu/raring-updates/openssl 2 Mature 2014-01-08 14:55:58 UTC
95. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-01-08 14:55:58 UTC

* SECURITY UPDATE: denial of service via invalid TLS handshake
  - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
    ssl/s3_both.c.
  - CVE-2013-4353
* SECURITY UPDATE: denial of service via incorrect data structure
  - debian/patches/CVE-2013-6449.patch: check for handshake digests in
    ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
    ssl/s3_lib.c.
  - CVE-2013-6449
* SECURITY UPDATE: denial of service via DTLS retransmission
  - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
    crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
    ssl/ssl_locl.h,ssl/t1_enc.c.
  - CVE-2013-6450
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
  default unless explicitly requested.
