openssl (1.0.1-4ubuntu5.45) precise-security; urgency=medium
* SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
-
debian/patches/DirectoryString-is-a-CHOICE-type-and-therefore-uses-expli.patch:
use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c.
- debian/patches/Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch:
correctly compare EdiPartyName in crypto/x509v3/v3_genn.c.
-
debian/patches/Check-that-multi-strings-CHOICE-types-don-t-use-implicit-.patch:
check that multi-strings/CHOICE types don't use implicit tagging in
crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
-
debian/patches/Complain-if-we-are-attempting-to-encode-with-an-invalid-A.patch:
complain if we are attempting to encode with an invalid ASN.1 template in
crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
- CVE-2020-1971
* SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash()
- debian/patches/CVE-2021-23841.patch: fix Null pointer deref in
crypto/x509/x509_cmp.c.
- CVE-2021-23841
openssl (1.0.1-4ubuntu5.44) precise-security; urgency=medium
* SECURITY UPDATE: ECDSA remote timing attack
- debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
zero cofactor, compute it in crypto/ec/ec.h, crypto/ec/ec_err.c,
crypto/ec/ec_lib.c.
- CVE-2019-1547
* SECURITY UPDATE: 0-byte record padding oracle
- debian/patches/CVE-2019-1559*.patch: go into the error state if a
fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.ci,
ssl/ssl.h.
- CVE-2019-1559
* SECURITY UPDATE: Padding Oracle issue
- debian/patches/CVE-2019-1563.patch: fix a padding oracle in
PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2019-1563
openssl (1.0.1-4ubuntu5.43) precise-security; urgency=medium
* SECURITY UPDATE: Key Extraction side channel
- debian/patches/CVE-2018-0495.patch: fix in
crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
- CVE-2018-0495
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-0732.patch: fix in
crypto/dh/dh_key.c.
- CVE-2018-0732
* SECURITY UPDATE: Cache timing side channel
- debian/patches/CVE-2018-0737-*.patch: additional patches
- CVE-2017-0737
openssl (1.0.1-4ubuntu5.41) precise-security; urgency=medium
* SECURITY UPDATE: Cache timing side channel
- debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse
and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set
in crypto/rsa/rsa_gen.c.
- CVE-2018-0737
openssl (1.0.1-4ubuntu5.40) precise-security; urgency=medium
* SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
- debian/patches/CVE-2018-0739.patch: limit stack depth in
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
- CVE-2018-0739
* SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
- debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
crypto/x509v3/v3_addr.c.
- CVE-2017-3735
Date: 2021-02-23 01:58:08.883307+00:00
Changed-By: Avital Ostromich <avital.ostrom...@canonical.com>
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.45
Sorry, changesfile not available.
--
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes
