[ubuntu/quantal-security] openssl 1.0.1c-3ubuntu2.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jul 4 12:18:31 UTC 2013

openssl (1.0.1c-3ubuntu2.5) quantal-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

openssl (1.0.1c-3ubuntu2.4) quantal; urgency=low

  [ Dmitrijs Ledkovs ]
  * Enable arm assembly code. (LP: #1083498) (Closes: #676533)
  * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522)

  [ Marc Deslauriers ]
  * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock
    when decoding public keys. (LP: #1066032)

Date: 2013-06-04 07:20:13.281384+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Quantal-changes mailing list