[ubuntu/oneiric-security] openssl_1.0.0e-2ubuntu4.6_amd64_translations.tar.gz, openssl_1.0.0e-2ubuntu4.6_i386_translations.tar.gz, openssl_1.0.0e-2ubuntu4.6_powerpc_translations.tar.gz, openssl, openssl_1.0.0e-2ubuntu4.6_armel_translations.tar.gz 1.0.0e-2ubuntu4.6 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu May 24 19:04:35 UTC 2012
openssl (1.0.0e-2ubuntu4.6) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow
      before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA
      decryption fails to avoid leaking timing information
    - CVE-2012-0884
  * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
    errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.

Date: Tue, 22 May 2012 15:24:09 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/openssl/1.0.0e-2ubuntu4.6
-------------- next part --------------
Format: 1.8
Date: Tue, 22 May 2012 15:24:09 -0700
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.0e-2ubuntu4.6
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl-doc - SSL development documentation documentation
libssl1.0.0 - SSL shared libraries
libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
libssl1.0.0-udeb - ssl shared library - udeb (udeb)
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes:
 openssl (1.0.0e-2ubuntu4.6) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: denial of service attack in DTLS implementation
     - debian/patches/CVE_2012-2333.patch: guard for integer overflow
       before skipping explicit IV
     - CVE-2012-2333
   * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
     - debian/patches/CVE-2012-0884.patch: use a random key if RSA
       decryption fails to avoid leaking timing information
     - CVE-2012-0884
   * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
     errors in PKCS7_decrypt and initialize tkeylen properly when
     encrypting CMS messages.
Checksums-Sha1:
40104e8696b5c8382965df397462a870a604f33d 2087 openssl_1.0.0e-2ubuntu4.6.dsc
00b0bfb65e7fe45b0ac279038d1629b764fc9d79 124853 openssl_1.0.0e-2ubuntu4.6.debian.tar.gz
Checksums-Sha256:
480e85a5fa869fd3f222ac6c74321e757caf185a45bf8d55857e7a75e84ffde7 2087 openssl_1.0.0e-2ubuntu4.6.dsc
633855dc54b07e2ca125633990b0ea895b30778ed0a79cfe6c871d9422b579b4 124853 openssl_1.0.0e-2ubuntu4.6.debian.tar.gz
Files:
2f3be024d2603c7061421e322e3d168a 2087 utils optional openssl_1.0.0e-2ubuntu4.6.dsc
782d04b39ced714b50e5964e140fe6bd 124853 utils optional openssl_1.0.0e-2ubuntu4.6.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>