Fwd: Call for testing: OpenSSL, compression security fix

[Gema Gomez]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I believe this email was intended for ubuntu-quality as well :)

Gema


- -------- Original Message --------
Subject: Call for testing: OpenSSL, compression security fix
Date: Mon, 10 Jun 2013 14:54:08 -0700
From: Seth Arnold <seth.arnold at canonical.com>
To: ubuntu-devel at lists.ubuntu.com, ubuntu-qa at lists.ubuntu.com,
ubuntu-server at lists.ubuntu.com

Hi,

I have pushed updated OpenSSL packages for Ubuntu 10.04 LTS, 12.04 LTS,
12.10, 13.04, and Saucy into the -proposed pocket. Saucy's OpenSSL has
been accepted into -release.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed.

The packages fix the following security issues:

http://en.wikipedia.org/wiki/CRIME_(security_exploit)

The update disables compression before encryption for all applications,
unless the OPENSSL_DEFAULT_ZLIB environment variable is defined in the
program's environment at start.

Please report any issues in the tracking bug:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195

If no issues are reported, I plan on releasing the packages as security
updates in a couple of weeks.

Thanks,




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRtrVLAAoJEGrsYwHIaYlg3vcH/16yReLfYkQkbcQPqR58Id6B
j7yB5Qi/Fm0CSzVLflssli9xLcxqcUCCcU7NOIeZafRCqpRxgSPKpIAJOcsaztPI
sF7m3OT4iP1b3dsySof5Hkn97qWIfEvuEZLHjel1tNSgvuUnfeHhkZM6yPD9EXIQ
XUK+9kc3MdJR3KrNyf4Vcu11K2rP63XIgMILR3uM1jqjX1KTpOxMxNr4SFRYHSWV
dfe07udhWnsKsNd5XXIzOn4UBV5d63J5Uz5nlc+V8FUQRhIU7PgL0nD8RcqfbJej
TAHu8reNo6NroqX2oWqHj7nwAroK+LokxQyO5K7kQ1kpG4BWSaVZgKPtYn+26JY=
=FEgb
-----END PGP SIGNATURE-----
-------------- next part --------------
-- 
ubuntu-devel mailing list
ubuntu-devel at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel