Accepted openssl 0.9.8b-2ubuntu2 (source)
Martin Pitt
martin.pitt at ubuntu.com
Fri Sep 29 17:46:25 BST 2006
Accepted:
openssl 0.9.8b-2ubuntu2 was ACCEPTED.
Component: main Section: utils
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 27 Sep 2006 12:16:12 +0200
Source: openssl
Binary: libssl-dev openssl libssl0.9.8-dbg libcrypto0.9.8-udeb libssl0.9.8
Architecture: source
Version: 0.9.8b-2ubuntu2
Distribution: edgy
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypt
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes:
openssl (0.9.8b-2ubuntu2) edgy; urgency=low
.
* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
  an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
  handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
  avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
  process. Apply patch from Bodo Moeller to impose limits to public key type
  values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
  regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
  were determined to not be necessary).
Files:
87f09a83af8bad92dda28b1ae015c9c2 811 utils optional openssl_0.9.8b-2ubuntu2.dsc
feee8782fb88f228453181f887083bf7 47664 utils optional openssl_0.9.8b-2ubuntu2.diff.gz
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFGk/NDecnbV4Fd/IRAniwAKD3OqIy9w5oKnbmqgLwOU+uWddfQQCg/bBu
bC9bLBugdcD9+bms9a847C4=
=rwHT
-----END PGP SIGNATURE-----