lp://staging/ubuntu/gutsy-security/openssl
- Get this branch:
- bzr branch lp://staging/ubuntu/gutsy-security/openssl
Recent revisions
- 21. By Jamie Strandboge
-
* SECURITY UPDATE: crash via invalid memory access when printing BMPString
or UniversalString with invalid length
- crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
return error if invalid length
- CVE-2009-0590
- http://www.openssl.org/news/secadv_20090325.txt
- patch from upstream CVS:
crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11
- 20. By Jamie Strandboge
-
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates
- update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
- patch based on upstream patch for #2008-016
- CVE-2008-5077
- 19. By Kees Cook
-
* SECURITY UPDATE: PRNG seeding was not fully operational.
* crypto/rand/md_rand.c: restore upstream code.
- 18. By Kees Cook
-
* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
fixes backported thanks to Ludwig Nussel.
* References
http://www.openssl.org/news/secadv_20071012.txt
CVE-2007-4995
- 16. By Kees Cook
-
[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
Stephan Hermann
* References:
CVE-2007-5135
http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
Fixes LP: #146269
* Modify Maintainer value to match the DebianMaintainerField
specification.
[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
CVE-2007-3108
- 15. By Matthias Klose
-
* Configure: Add support for lpia.
* Explicitly build using gcc-4.1 (PR other/31359).
- 14. By Kurt Roeckx
-
[ Christian Perrier ]
* Debconf templates proofread and slightly rewritten by
the debian-l10n-english team as part of the Smith Review Project.
Closes: #418584
* Debconf templates translations:
- Arabic. Closes: #418669
- Russian. Closes: #418670
- Galician. Closes: #418671
- Swedish. Closes: #418679
- Korean. Closes: #418755
- Czech. Closes: #418768
- Basque. Closes: #418784
- German. Closes: #418785
- Traditional Chinese. Closes: #419915
- Brazilian Portuguese. Closes: #419959
- French. Closes: #420429
- Italian. Closes: #420461
- Japanese. Closes: #420482
- Catalan. Closes: #420833
- Dutch. Closes: #420925
- Malayalam. Closes: #420986
- Portuguese. Closes: #421032
- Romanian. Closes: #421708
[ Kurt Roeckx ]
* Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
* Updated Spanish debconf template. (Closes: #421336)
* Do the header changes, changing those defines into real functions,
and bump the shlibs to match.
* Update Japanese debconf translation. (Closes: #422270)
- 13. By Kurt Roeckx
-
openssl should depend on libssl0.9.8 0.9.8e-1 since it
uses some of the defines that changed to functions.
Other things built against libssl or libcrypto shouldn't
have this problem since they use the old headers.
(Closes: #414283)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/lucid/openssl