[ubuntu/natty-security] openssl_0.9.8o-5ubuntu1.7_amd64_translations.tar.gz, openssl_0.9.8o-5ubuntu1.7_powerpc_translations.tar.gz, openssl_0.9.8o-5ubuntu1.7_armel_translations.tar.gz, openssl, openssl_0.9.8o-5ubuntu1.7_i386_translations.tar.gz 0.9.8o-5ubuntu1.7 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu May 24 19:04:46 UTC 2012
openssl (0.9.8o-5ubuntu1.7) natty-security; urgency=low

  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow
      before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA
      decryption fails to avoid leaking timing information
    - CVE-2012-0884
  * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
    errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.
Date: Tue, 22 May 2012 15:25:06 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/openssl/0.9.8o-5ubuntu1.7
-------------- next part --------------
Format: 1.8
Date: Tue, 22 May 2012 15:25:06 -0700
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8o-5ubuntu1.7
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
libssl0.9.8-udeb - ssl shared library - udeb (udeb)
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
openssl-doc - Secure Socket Layer (SSL) documentation
Changes:
 openssl (0.9.8o-5ubuntu1.7) natty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service attack in DTLS implementation
     - debian/patches/CVE_2012-2333.patch: guard for integer overflow
       before skipping explicit IV
     - CVE-2012-2333
   * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
     - debian/patches/CVE-2012-0884.patch: use a random key if RSA
       decryption fails to avoid leaking timing information
     - CVE-2012-0884
   * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
     errors in PKCS7_decrypt and initialize tkeylen properly when
     encrypting CMS messages.
Checksums-Sha1:
142a0505abfd4b8d098ef3a47300dcaba374bff4 2116 openssl_0.9.8o-5ubuntu1.7.dsc
5edb577ab3563ae9a9bc29c8b6ef2d9913100e35 108172 openssl_0.9.8o-5ubuntu1.7.debian.tar.gz
Checksums-Sha256:
a1f049d2274d8663d8cacd127ab19fd9f00d94526e95eb2afcf2f3bfe845e058 2116 openssl_0.9.8o-5ubuntu1.7.dsc
73a359c8539c97a346f5ba26e75c27b70ef6ea45a3aba988a28677b5acb3f4d0 108172 openssl_0.9.8o-5ubuntu1.7.debian.tar.gz
Files:
e1830a3ae9eb4735f9721b749db5f956 2116 utils optional openssl_0.9.8o-5ubuntu1.7.dsc
ea7e13c7191d6cb47afdbfd0974d4099 108172 utils optional openssl_0.9.8o-5ubuntu1.7.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>