[ubuntu/precise-security] openssl 1.0.1-4ubuntu5.6 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Feb 21 13:32:26 UTC 2013

openssl (1.0.1-4ubuntu5.6) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169
  * SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
    - Fix included in CVE-2013-0169 patch
    - CVE-2012-2686

openssl (1.0.1-4ubuntu5.5) precise-proposed; urgency=low

  * debian/patches/lp973741.patch: Apply complete and more recent changeset,
    which fixes original issue on Intel CPUs and fixes FTBFS on non-x86
    architectures. (LP: #973741)

openssl (1.0.1-4ubuntu5.4) precise-proposed; urgency=low

  * debian/patches/lp973741.patch: Avoid segfault on legacy Intel CPUs
    by using correct cypher. (LP: #973741)

Date: 2013-02-18 21:30:15.729977+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list