[ubuntu/quantal-security] openssl 1.0.1c-3ubuntu2.7 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Apr 7 21:44:48 UTC 2014
openssl (1.0.1c-3ubuntu2.7) quantal-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/CVE-2014-0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
util/libeay.num.
- CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
- debian/patches/CVE-2014-0160.patch: use correct lengths in
ssl/d1_both.c, ssl/t1_lib.c.
- CVE-2014-0160
Date: 2014-04-07 20:20:13.418815+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/quantal/+source/openssl/1.0.1c-3ubuntu2.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Quantal-changes
mailing list