[ubuntu/jaunty] openssl 0.9.8g-15ubuntu3 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Fri Mar 27 13:30:13 GMT 2009 

openssl (0.9.8g-15ubuntu3) jaunty; urgency=low

  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

Date: Fri, 27 Mar 2009 08:23:35 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/openssl/0.9.8g-15ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 27 Mar 2009 08:23:35 -0500
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8g-15ubuntu3
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes: 
 openssl (0.9.8g-15ubuntu3) jaunty; urgency=low
 .
   * SECURITY UPDATE: crash via invalid memory access when printing BMPString
     or UniversalString with invalid length
     - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
       return error if invalid length
     - CVE-2009-0590
     - http://www.openssl.org/news/secadv_20090325.txt
     - patch from upstream CVS:
       crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
       crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
       crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11
Checksums-Sha1: 
 5df39e3f99d1e1433c75c443fa0e0c2942911ebc 1429 openssl_0.9.8g-15ubuntu3.dsc
 f2d6f0eafba0a1248e070802b7042eded34dbd0a 58650 openssl_0.9.8g-15ubuntu3.diff.gz
Checksums-Sha256: 
 bc5a312fbe6ebeeeb2e48a907996e6d264949525d4aef5f3e8c2e60bbe639009 1429 openssl_0.9.8g-15ubuntu3.dsc
 b25ee227383462b986615d7cd306cf508e3f57bcfc78752899af0410b844b4da 58650 openssl_0.9.8g-15ubuntu3.diff.gz
Files: 
 7adb0ed5cee698161e45644c8718536c 1429 utils optional openssl_0.9.8g-15ubuntu3.dsc
 ee4b005c57a9813aabe9b1c0b7488635 58650 utils optional openssl_0.9.8g-15ubuntu3.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEUEARECAAYFAknM0/AACgkQW0JvuRdL8BoungCgoYttaAbiMglVicCZns2ozqJS
sWIAl1cpY3QYpcf7cCRFCsvvrkhIuhU=
=j3Rk
-----END PGP SIGNATURE-----

More information about the Jaunty-changes mailing list