Call for testing: OpenSSL, compression security fix
Seth Arnold
seth.arnold at canonical.com
Mon Jun 10 21:54:08 UTC 2013
Hi,
I have pushed updated OpenSSL packages for Ubuntu 10.04 LTS, 12.04 LTS,
12.10, 13.04, and Saucy into the -proposed pocket. Saucy's OpenSSL has
been accepted into -release.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed.
The packages fix the following security issues:
http://en.wikipedia.org/wiki/CRIME_(security_exploit)
The update disables compression before encryption for all applications,
unless the OPENSSL_DEFAULT_ZLIB environment variable is defined in the
program's environment at start.
Please report any issues in the tracking bug:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195
If no issues are reported, I plan on releasing the packages as security
updates in a couple of weeks.
Thanks,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20130610/6be77c4a/attachment.pgp>
More information about the ubuntu-devel
mailing list