[ubuntu/dapper-security] openssl (delayed), openssl 0.9.8a-7ubuntu0.13 (Accepted)

[Ubuntu Installer]

openssl (0.9.8a-7ubuntu0.13) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    unchecked bn_wexpand return values. (LP: #655884)
    - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
      engines/e_ubsec.c: check return values.
    - http://cvs.openssl.org/chngview?cn=18936
    - http://cvs.openssl.org/chngview?cn=19309
    - CVE-2009-3245
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
    - http://www.mail-archive.com/openssl-...@openssl.org/msg28049.html
    - CVE-2010-2939

Date: Wed, 06 Oct 2010 18:24:13 -0400
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
https://launchpad.net/ubuntu/dapper/+source/openssl/0.9.8a-7ubuntu0.13

Format: 1.7
Date: Wed, 06 Oct 2010 18:24:13 -0400
Source: openssl
Binary: libssl-dev openssl libssl0.9.8-dbg libcrypto0.9.8-udeb libssl0.9.8
Architecture: source
Version: 0.9.8a-7ubuntu0.13
Distribution: dapper-security
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypt
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes: 
 openssl (0.9.8a-7ubuntu0.13) dapper-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     unchecked bn_wexpand return values. (LP: #655884)
     - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
       engines/e_ubsec.c: check return values.
     - http://cvs.openssl.org/chngview?cn=18936
     - http://cvs.openssl.org/chngview?cn=19309
     - CVE-2009-3245
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted private key with an invalid prime.
     - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
     - http://www.mail-archive.com/openssl-...@openssl.org/msg28049.html
     - CVE-2010-2939
Files: 
 7b2460515cb03fa7122e6973a472d802 1465 utils optional 
openssl_0.9.8a-7ubuntu0.13.dsc
 2ff284e0b0ec7eb599b79abafe900961 68027 utils optional 
openssl_0.9.8a-7ubuntu0.13.diff.gz
Package-Type: udeb

-- 
dapper-changes mailing list
dapper-changes@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/dapper-changes