[ubuntu/natty-security] openssl_0.9.8o-5ubuntu1.4_powerpc_translations.tar.gz, openssl_0.9.8o-5ubuntu1.4_i386_translations.tar.gz, openssl_0.9.8o-5ubuntu1.4_armel_translations.tar.gz, openssl, openssl_0.9.8o-5ubuntu1.4_amd64_translations.tar.gz 0.9.8o-5ubuntu1.4 (Accepted)

[Jamie Strandboge]

openssl (0.9.8o-5ubuntu1.4) natty-security; urgency=low

  * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
    headers
    - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
      and mime_param_cmp() to not dereference the compared strings if either
      is NULL
    - CVE-2006-7250
    - CVE-2012-1165
  * SECURITY UPDATE: fix various overflows
    - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
      crypto/buffer.c and crypto/mem.c to verify size of lengths
    - CVE-2012-2110

Date: Thu, 19 Apr 2012 09:39:15 -0500
Changed-By: Jamie Strandboge <ja...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/openssl/0.9.8o-5ubuntu1.4

Format: 1.8
Date: Thu, 19 Apr 2012 09:39:15 -0500
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb 
libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8o-5ubuntu1.4
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Jamie Strandboge <ja...@ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes: 
 openssl (0.9.8o-5ubuntu1.4) natty-security; urgency=low
 .
   * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
     headers
     - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
       and mime_param_cmp() to not dereference the compared strings if either
       is NULL
     - CVE-2006-7250
     - CVE-2012-1165
   * SECURITY UPDATE: fix various overflows
     - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
       crypto/buffer.c and crypto/mem.c to verify size of lengths
     - CVE-2012-2110
Checksums-Sha1: 
 c6a6fbef9b657de413d8d924fcbf68177bc45e81 2116 openssl_0.9.8o-5ubuntu1.4.dsc
 c46039fa77261bb30000c7a68e70baf72274278c 102614 
openssl_0.9.8o-5ubuntu1.4.debian.tar.gz
Checksums-Sha256: 
 529599f7ccd2585d0d11e78eca0ad2bb9737cc17cef1092eb30403522c4b7bf3 2116 
openssl_0.9.8o-5ubuntu1.4.dsc
 21ed889a41db1e2a5b76c31324b74c9f7e08afb5a1d1da590c9c4314b89c5d0e 102614 
openssl_0.9.8o-5ubuntu1.4.debian.tar.gz
Files: 
 6186773b43098c4707acfeb090dfe259 2116 utils optional 
openssl_0.9.8o-5ubuntu1.4.dsc
 b8b8ba62d1ee0bc0119056d23dcc03de 102614 utils optional 
openssl_0.9.8o-5ubuntu1.4.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team 
<pkg-openssl-de...@lists.alioth.debian.org>

-- 
Natty-changes mailing list
Natty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/natty-changes