[ubuntu/lucid-security] openssl_0.9.8k-7ubuntu8.13_sparc_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_armel_translations.tar.gz, openssl, openssl_0.9.8k-7ubuntu8.13_amd64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_i386_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_powerpc_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_ia64_translations.tar.gz 0.9.8k-7ubuntu8.13 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu May 24 19:04:56 UTC 2012
openssl (0.9.8k-7ubuntu8.13) lucid-security; urgency=low
* SECURITY UPDATE: denial of service attack in DTLS implementation
- debian/patches/CVE_2012-2333.patch: guard for integer overflow
before skipping explicit IV
- CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
- debian/patches/CVE-2012-0884.patch: use a random key if RSA
decryption fails to avoid leaking timing information
- CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
errors in PKCS7_decrypt and initialize tkeylen properly when
encrypting CMS messages.
Date: Tue, 22 May 2012 16:11:28 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.13
-------------- next part --------------
Format: 1.8
Date: Tue, 22 May 2012 16:11:28 -0700
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8k-7ubuntu8.13
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
libssl0.9.8-udeb - ssl shared library - udeb (udeb)
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
openssl-doc - Secure Socket Layer (SSL) documentation
Changes:
openssl (0.9.8k-7ubuntu8.13) lucid-security; urgency=low
.
* SECURITY UPDATE: denial of service attack in DTLS implementation
- debian/patches/CVE_2012-2333.patch: guard for integer overflow
before skipping explicit IV
- CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
- debian/patches/CVE-2012-0884.patch: use a random key if RSA
decryption fails to avoid leaking timing information
- CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
errors in PKCS7_decrypt and initialize tkeylen properly when
encrypting CMS messages.
Checksums-Sha1:
5347fc973988da456cf4739103f061251bf73c71 2101 openssl_0.9.8k-7ubuntu8.13.dsc
d2eec2e6e818f57bbf2c0061e2b73eed8ab0afbc 129751 openssl_0.9.8k-7ubuntu8.13.diff.gz
Checksums-Sha256:
f2a1c1e04b3374423bffbd0d126107197ba71aeb639957b716e98aa286983799 2101 openssl_0.9.8k-7ubuntu8.13.dsc
0801281318119ff7678a5d87afcf559c0178af692caa8111f337e1e2009c077a 129751 openssl_0.9.8k-7ubuntu8.13.diff.gz
Files:
4d50c863a613e005dc7913fd19648b7f 2101 utils optional openssl_0.9.8k-7ubuntu8.13.dsc
fb95d076ffcc1c11f07680b27d0462b0 129751 utils optional openssl_0.9.8k-7ubuntu8.13.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
More information about the Lucid-changes
mailing list