Origin: Debian/unstable
Format: 1.7
Date: Tue,  08 Aug 2006 08:20:45 +0100
Source: openssl097
Binary: libssl0.9.7, libssl0.9.7-dbg
Architecture: source
Version: 0.9.7i-1
Distribution: edgy
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at>
Changed-By: Barry deFreese <bddebian at>
 openssl097 (0.9.7i-1) unstable; urgency=high
   * New upstream release
    * Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
      (part of SSL_OP_ALL).  This option used to disable the
      countermeasure against man-in-the-middle protocol-version
      rollback in the SSL 2.0 server implementation, which is a bad
      idea.  (CAN-2005-2969)
    * For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
      the exponentiation using a fixed-length exponent.  (Otherwise,
      the information leaked through timing could expose the secret key
      after many signatures; cf. Bleichenbacher's attack on DSA with
      biased k.)
    * Make a new fixed-window mod_exp implementation the default for
      RSA, DSA, and DH private-key operations so that the sequence of
      squares and multiplies and the memory access pattern are
      independent of the particular secret key.  This will mitigate
      cache-timing and potential related attacks.
    * Change the client implementation for SSLv23_method() and
      SSLv23_client_method() so that it uses the SSL 3.0/TLS 1.0
      Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
      (Previously, the SSL 2.0 backwards compatible Client Hello
      message format would be used even with SSL_OP_NO_SSLv2.)
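Added illustration of the DSA fixed-length-exponent item above (example code, not part of this upload or of OpenSSL itself): the nonce k is padded to k+q or k+2q, which leaves g^k mod p unchanged because g has order q, but makes the exponent's bit length, and so the number of squarings in a square-and-multiply loop, independent of k. The parameters p, q, g are tiny constructed values, not real DSA parameters.

```python
# Toy model of the fixed-length-exponent DSA signing fix. Constructed
# parameters: q divides p-1 and g has order q modulo p (not secure, demo only).
P, Q, G = 23, 11, 4


def fixed_length_exponent(k, q):
    """Return k + q, or k + 2q when k + q is not yet longer than q, so the
    exponent always has q.bit_length() + 1 bits regardless of k."""
    kq = k + q
    if kq.bit_length() <= q.bit_length():
        kq += q
    return kq


def square_and_multiply(base, exp, mod):
    """Naive left-to-right exponentiation returning (result, squarings,
    multiplies). The operation counts model what a timing observer sees."""
    result, squarings, multiplies = 1, 0, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        squarings += 1
        if bit == "1":
            result = (result * base) % mod
            multiplies += 1
    return result, squarings, multiplies


def dsa_r(k, constant_time=True):
    """Compute r = (g^k mod p) mod q and the squaring count used to get it.
    constant_time=False models the DSA_FLAG_NO_EXP_CONSTTIME behaviour."""
    exp = fixed_length_exponent(k, Q) if constant_time else k
    value, squarings, _ = square_and_multiply(G, exp, P)
    return value % Q, squarings


def squaring_counts(constant_time):
    """Distinct squaring counts observed over every nonce k in [1, q-1]."""
    return {dsa_r(k, constant_time)[1] for k in range(1, Q)}


if __name__ == "__main__":
    assert pow(G, Q, P) == 1  # g really has order q
    for k in range(1, Q):
        assert dsa_r(k, True)[0] == dsa_r(k, False)[0]  # r is unchanged
    print("raw exponent, squaring counts seen:", sorted(squaring_counts(False)))
    print("fixed-length exponent, squaring counts seen:", sorted(squaring_counts(True)))
```

The multiply count still depends on the Hamming weight of the exponent; that residual leak is what the fixed-window mod_exp item in the same changelog addresses.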
