[ubuntu/lucid-security] openssl_0.9.8k-7ubuntu8.3_powerpc_translations.tar.gz, openssl_0.9.8k-7ubuntu8.3_sparc_translations.tar.gz (delayed), openssl_0.9.8k-7ubuntu8.3_ia64_translations.tar.gz, openssl, openssl_0.9.8k-7ubuntu8.3_amd64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.3_i386_translations.tar.gz, openssl_0.9.8k-7ubuntu8.3_armel_translations.tar.gz 0.9.8k-7ubuntu8.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Oct 7 15:24:09 BST 2010


openssl (0.9.8k-7ubuntu8.3) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing
      it in ssl/s3_clnt.c.
    - CVE-2010-2939

Date: Wed, 06 Oct 2010 16:54:34 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.3
-------------- next part --------------
Format: 1.8
Date: Wed, 06 Oct 2010 16:54:34 -0400
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8k-7ubuntu8.3
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes: 
 openssl (0.9.8k-7ubuntu8.3) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted private key with an invalid prime.
     - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing
       it in ssl/s3_clnt.c.
     - CVE-2010-2939
Checksums-Sha1: 
 a22708f3e9c0f4c167e3e6f1a7c5bcc11cc43c97 2102 openssl_0.9.8k-7ubuntu8.3.dsc
 aab2be3bcdcbe862963924a25935e0274c1093b1 110269 openssl_0.9.8k-7ubuntu8.3.diff.gz
Checksums-Sha256: 
 542b1ba04aae99fd8d4d3dcfbb3ccc62031fadef79ce7aa859c21747aa28f527 2102 openssl_0.9.8k-7ubuntu8.3.dsc
 f4ec42a0cc82214b596c9dc2a2f26651bce7eae45d1e36b56232c476dc80f4cc 110269 openssl_0.9.8k-7ubuntu8.3.diff.gz
Files: 
 1ca4fe91716b44545e7d95a6866ae831 2102 utils optional openssl_0.9.8k-7ubuntu8.3.dsc
 c4f3879fd7476f5f7248be9bbbaa3728 110269 utils optional openssl_0.9.8k-7ubuntu8.3.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>


More information about the Lucid-changes mailing list