[ubuntu/karmic] openssl 0.9.8g-16ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Sep 9 16:35:13 BST 2009
openssl (0.9.8g-16ubuntu3) karmic; urgency=low
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
design flaws.
- crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
- crypto/x509/x509_vfy.c: skip signature check for self signed
certificates
- http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
- http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
- CVE-2009-2409
Date: Tue, 08 Sep 2009 14:59:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/openssl/0.9.8g-16ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 08 Sep 2009 14:59:05 -0400
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8g-16ubuntu3
Distribution: karmic
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
openssl-doc - Secure Socket Layer (SSL) documentation
Changes:
openssl (0.9.8g-16ubuntu3) karmic; urgency=low
.
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
design flaws.
- crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
- crypto/x509/x509_vfy.c: skip signature check for self signed
certificates
- http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
- http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
- CVE-2009-2409
Checksums-Sha1:
e3de0c5634aaab85a769262f63c0c72ffff12499 1429 openssl_0.9.8g-16ubuntu3.dsc
9358d09d50d829df316bea906b9edb6c6d22538e 61628 openssl_0.9.8g-16ubuntu3.diff.gz
Checksums-Sha256:
caeff59268739f8c55270bf14f81a3d609706a59b9c3a323e990536b2457d8d0 1429 openssl_0.9.8g-16ubuntu3.dsc
2be42444fa956e89f0c8f57bf0c90c46b0627cbe6202a058e96e8444707ef272 61628 openssl_0.9.8g-16ubuntu3.diff.gz
Files:
1ff3251e3282265da35c7e1374350252 1429 utils optional openssl_0.9.8g-16ubuntu3.dsc
e17725c55943ef402de033789c201ab2 61628 utils optional openssl_0.9.8g-16ubuntu3.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqnySAACgkQW0JvuRdL8BogMACggX5QgrWRqUQ3gYwP+JpemMNI
D6sAnjXVVruIupVeBnshfwMmdqL9lfCh
=Ye5V
-----END PGP SIGNATURE-----
More information about the Karmic-changes
mailing list