[ubuntu/precise-updates] openssl 1.0.1-4ubuntu5.6 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Feb 21 13:59:19 UTC 2013
openssl (1.0.1-4ubuntu5.6) precise-security; urgency=low
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
- Fix included in CVE-2013-0169 patch
- CVE-2012-2686
Date: 2013-02-18 21:30:15.729977+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/precise/+source/openssl/1.0.1-4ubuntu5.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list