[ubuntu/lucid-security] openssl_0.9.8k-7ubuntu8.13_sparc_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_armel_translations.tar.gz, openssl, openssl_0.9.8k-7ubuntu8.13_amd64_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_i386_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_powerpc_translations.tar.gz, openssl_0.9.8k-7ubuntu8.13_ia64_translations.tar.gz 0.9.8k-7ubuntu8.13 (Accepted)

Steve Beattie Thu, 24 May 2012 12:05:21 -0700

openssl (0.9.8k-7ubuntu8.13) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow
      before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA
      decryption fails to avoid leaking timing information
    - CVE-2012-0884
  * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
    errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.


Date: Tue, 22 May 2012 16:11:28 -0700
Changed-By: Steve Beattie <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.13

Format: 1.8
Date: Tue, 22 May 2012 16:11:28 -0700
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb 
libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8k-7ubuntu8.13
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Steve Beattie <[email protected]>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes: 
 openssl (0.9.8k-7ubuntu8.13) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service attack in DTLS implementation
     - debian/patches/CVE_2012-2333.patch: guard for integer overflow
       before skipping explicit IV
     - CVE-2012-2333
   * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
     - debian/patches/CVE-2012-0884.patch: use a random key if RSA
       decryption fails to avoid leaking timing information
     - CVE-2012-0884
   * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
     errors in PKCS7_decrypt and initialize tkeylen properly when
     encrypting CMS messages.
Checksums-Sha1: 
 5347fc973988da456cf4739103f061251bf73c71 2101 openssl_0.9.8k-7ubuntu8.13.dsc
 d2eec2e6e818f57bbf2c0061e2b73eed8ab0afbc 129751 
openssl_0.9.8k-7ubuntu8.13.diff.gz
Checksums-Sha256: 
 f2a1c1e04b3374423bffbd0d126107197ba71aeb639957b716e98aa286983799 2101 
openssl_0.9.8k-7ubuntu8.13.dsc
 0801281318119ff7678a5d87afcf559c0178af692caa8111f337e1e2009c077a 129751 
openssl_0.9.8k-7ubuntu8.13.diff.gz
Files: 
 4d50c863a613e005dc7913fd19648b7f 2101 utils optional 
openssl_0.9.8k-7ubuntu8.13.dsc
 fb95d076ffcc1c11f07680b27d0462b0 129751 utils optional 
openssl_0.9.8k-7ubuntu8.13.diff.gz
Original-Maintainer: Debian OpenSSL Team 
<[email protected]>

-- 
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes

Reply via email to