openssl (1.0.0e-2ubuntu4.6) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow
      before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA
      decryption fails to avoid leaking timing information
    - CVE-2012-0884
  * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
    errors in PKCS7_decrypt and initialize tkeylen properly when
    encrypting CMS messages.

Date: Tue, 22 May 2012 15:24:09 -0700
Changed-By: Steve Beattie <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/oneiric/+source/openssl/1.0.0e-2ubuntu4.6
Format: 1.8
Date: Tue, 22 May 2012 15:24:09 -0700
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.0e-2ubuntu4.6
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Steve Beattie <[email protected]>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes: 
 openssl (1.0.0e-2ubuntu4.6) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: denial of service attack in DTLS implementation
     - debian/patches/CVE_2012-2333.patch: guard for integer overflow
       before skipping explicit IV
     - CVE-2012-2333
   * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
     - debian/patches/CVE-2012-0884.patch: use a random key if RSA
       decryption fails to avoid leaking timing information
     - CVE-2012-0884
   * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
     errors in PKCS7_decrypt and initialize tkeylen properly when
     encrypting CMS messages.
Checksums-Sha1: 
 40104e8696b5c8382965df397462a870a604f33d 2087 openssl_1.0.0e-2ubuntu4.6.dsc
 00b0bfb65e7fe45b0ac279038d1629b764fc9d79 124853 openssl_1.0.0e-2ubuntu4.6.debian.tar.gz
Checksums-Sha256: 
 480e85a5fa869fd3f222ac6c74321e757caf185a45bf8d55857e7a75e84ffde7 2087 openssl_1.0.0e-2ubuntu4.6.dsc
 633855dc54b07e2ca125633990b0ea895b30778ed0a79cfe6c871d9422b579b4 124853 openssl_1.0.0e-2ubuntu4.6.debian.tar.gz
Files: 
 2f3be024d2603c7061421e322e3d168a 2087 utils optional openssl_1.0.0e-2ubuntu4.6.dsc
 782d04b39ced714b50e5964e140fe6bd 124853 utils optional openssl_1.0.0e-2ubuntu4.6.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <[email protected]>
-- 
Oneiric-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/oneiric-changes
