openssl (0.9.8k-7ubuntu8.15) lucid-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
-
http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
Date: 2013-06-04 07:15:27.010947+00:00
Changed-By: Seth Arnold <[email protected]>
Signed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8.15
Sorry, changesfile not available.
--
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
