[ubuntu/bionic-updates] openssl1.0 1.0.2n-1ubuntu5.5 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Dec 8 15:58:24 UTC 2020
openssl1.0 (1.0.2n-1ubuntu5.5) bionic-security; urgency=medium
* SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
- debian/patches/CVE-2020-1971-1.patch: use explicit tagging for
DirectoryString in crypto/x509v3/v3_genn.c.
- debian/patches/CVE-2020-1971-2.patch: correctly compare EdiPartyName
in crypto/x509v3/v3_genn.c.
- debian/patches/CVE-2020-1971-3.patch: check that multi-strings/CHOICE
types don't use implicit tagging in crypto/asn1/asn1_err.c,
crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
- debian/patches/CVE-2020-1971-4.patch: complain if we are attempting
to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c,
crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
- debian/patches/CVE-2020-1971-5.patch: add a test for GENERAL_NAME_cmp
in crypto/x509v3/v3nametest.c.
- CVE-2020-1971
Date: 2020-12-03 14:23:13.995937+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list