[ubuntu/quantal-updates] openssl 1.0.1c-3ubuntu2.5 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jul 4 12:58:21 UTC 2013
openssl (1.0.1c-3ubuntu2.5) quantal-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
Date: 2013-06-04 07:20:13.281384+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/quantal/+source/openssl/1.0.1c-3ubuntu2.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Quantal-changes
mailing list