Ubuntu
openssl package

lp://staging/ubuntu/edgy-security/openssl

  1. Edgy (6.10)
  2. edgy-security
Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/edgy-security/openssl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

11. By Kees Cook

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

10. By Kees Cook

[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
  buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
  Stephan Hermann
* References:
  CVE-2007-5135
  http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
  Fixes LP: #146269

[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
  CVE-2007-3108

9. By Martin Pitt

* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
  an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
  handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
  avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
  process. Apply patch from Bodo Moeller to impose limits to public key type
  values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
  regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
  were determined to not be necessary).

8. By Martin Pitt

* SECURITY UPDATE: signature forgery in some cases.
* Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
  - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
    applications from incorrectly verifying the certificate.
* References:
  CVE-2006-4339
  http://www.openssl.org/news/secadv_20060905.txt

7. By Colin Watson

Rebuild with current zlib1g-dev to fix udeb shlibdeps.

6. By Kurt Roeckx

* Don't call gcc with -mcpu on i386, we already use -march, so no need for
  -mtune either.
* Always make all directories when building something:
  - The engines directory didn't get build for the static directory, so
    where missing in libcrypo.a
  - The apps directory didn't always get build, so we didn't have an openssl
    and a small part of the regression tests failed.
* Make the package fail to build if the regression tests fail.

5. By Adam Conrad

Fake sync from Debian to resolve a problem with establishing TCP
connections over the BIO API, add a new debconf translation, and
resolve a build failure with libio-socket-ssl-perl.

4. By Kurt Roeckx

Stop ssh from crashing randomly on sparc (Closes: #335912)
Patch from upstream cvs.

3. By Christoph Martin <email address hidden>

* really fix der_chop. The fix from -1 was not really included (closes:
  #281212)
* still fixes security problem CAN-2004-0975 etc.
  - tempfile raise condition in der_chop
  - Avoid a race condition when CRLs are checked in a multi threaded
    environment.

2. By Christoph Martin <email address hidden>

rename -pic.a libraries to _pic.a (closes: #250016)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/lucid/openssl
This branch contains Public information 
Everyone can see this information.

Subscribers