[ubuntu/utopic-proposed] openssl 1.0.1f-1ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri May 2 20:20:15 UTC 2014
openssl (1.0.1f-1ubuntu3) utopic; urgency=medium
* SECURITY UPDATE: denial of service via use after free
- debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
releasing buffers in ssl/s3_pkt.c.
- CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
- debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
one in ssl/s3_pkt.c.
- CVE-2014-0198
Date: Fri, 02 May 2014 15:18:26 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/openssl/1.0.1f-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 02 May 2014 15:18:26 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1f-1ubuntu3
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
libssl1.0.0-udeb - ssl shared library - udeb (udeb)
openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
openssl (1.0.1f-1ubuntu3) utopic; urgency=medium
.
* SECURITY UPDATE: denial of service via use after free
- debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
releasing buffers in ssl/s3_pkt.c.
- CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
- debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
one in ssl/s3_pkt.c.
- CVE-2014-0198
Checksums-Sha1:
d19afdb3d1852ebf9f94ab2d67bf642e5dd2445b 2418 openssl_1.0.1f-1ubuntu3.dsc
2a410447f4f1292130a94d60e883dc729838e3d4 95540 openssl_1.0.1f-1ubuntu3.debian.tar.xz
Checksums-Sha256:
ff8ce11a419273502a39ec11c9333cbe10107a65a4632f47eda1d55b0f8bb4ab 2418 openssl_1.0.1f-1ubuntu3.dsc
89d23c2889bcdf039250ced3801a2c0fbc676571ba5270482ce8c68c13de146b 95540 openssl_1.0.1f-1ubuntu3.debian.tar.xz
Files:
c3527264aaf0269d3b75dc6bb6d55e99 2418 utils optional openssl_1.0.1f-1ubuntu3.dsc
6c60764f46e1276608e7dd1a4e7480a9 95540 utils optional openssl_1.0.1f-1ubuntu3.debian.tar.xz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJTY/xPAAoJEGVp2FWnRL6TkbYP/2KcprIffFWilPI/V5DZFUO9
8lMv+NRJEraM2VriiX/RcjgGu4Sd2+TddEZGhLYy4gshquWOeVbDegPEuxZX8AfH
sSpI1NabCAMzcaoms+NGFSI5OfD+wbuJDwBxWzQTSKGXwy18ydACKcyWQo5QCImo
JiP2TOKaaYZFK4akZS1BdK1tdDZkcfsxADaVqumcvejqe38jyoUy0bUr46fFhiEk
PzeHyXOj7LCJjZhu6YDS+gtCT9sHyFG6YGZFKSHiWtoiaU2NlIaQj1YsDqT/yUXo
vQ6xMS/JS12PAXjs8nXDQ5H4qpQ6IOmDZ4f0oos1mO5Crakk1ojQi/6Bi2dAILLF
HmPfsxJt4XOFA/qAFXR3SR2mam+QkzQBZvpgL7qU9dewwyirVjo3Ctls3xFdxTYa
V8Z08UE5hfb/8ZZLno2WBCBM5vAM+SWj3rtMFy3xNScNsFxlCVeK8xQrKDe8njMr
Ni6C1zAY+tpGI2O8viYV4Npd0ZOXpP/X2XQxSl4i1Q/BizKIqC21nN05NB6gg+C5
MnapPs50TVLEwjKdnUZXfGvtc/oIF53WYqyJ9iyG9putd7mNgnWcRxBOuLiGvL8o
xguy8mRGU9JjWGnrP4dHGUkYcHSLYQUy0ydyBtSMVRoDO4e6HoB2WJgDMATYbuUJ
DYrU33xl8rM73wbFhYtk
=ltVx
-----END PGP SIGNATURE-----
More information about the Utopic-changes
mailing list