openssl (1.0.1-4ubuntu5.45) precise-security; urgency=medium

  * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
    - 
debian/patches/DirectoryString-is-a-CHOICE-type-and-therefore-uses-expli.patch:
      use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c.
    - debian/patches/Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch:
      correctly compare EdiPartyName in crypto/x509v3/v3_genn.c.
    - 
debian/patches/Check-that-multi-strings-CHOICE-types-don-t-use-implicit-.patch:
      check that multi-strings/CHOICE types don't use implicit tagging in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
    - 
debian/patches/Complain-if-we-are-attempting-to-encode-with-an-invalid-A.patch:
      complain if we are attempting to encode with an invalid ASN.1 template in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
    - CVE-2020-1971 
  * SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash()
    - debian/patches/CVE-2021-23841.patch: fix Null pointer deref in
      crypto/x509/x509_cmp.c.
    - CVE-2021-23841

openssl (1.0.1-4ubuntu5.44) precise-security; urgency=medium

  * SECURITY UPDATE: ECDSA remote timing attack
    - debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
      zero cofactor, compute it in crypto/ec/ec.h, crypto/ec/ec_err.c,
      crypto/ec/ec_lib.c.
    - CVE-2019-1547
  * SECURITY UPDATE: 0-byte record padding oracle
    - debian/patches/CVE-2019-1559*.patch: go into the error state if a
      fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.ci,
      ssl/ssl.h.
    - CVE-2019-1559
  * SECURITY UPDATE: Padding Oracle issue
    - debian/patches/CVE-2019-1563.patch: fix a padding oracle in
      PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
      crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
      crypto/pkcs7/pk7_doit.c.
    - CVE-2019-1563

openssl (1.0.1-4ubuntu5.43) precise-security; urgency=medium

  * SECURITY UPDATE: Key Extraction side channel
    - debian/patches/CVE-2018-0495.patch: fix in
      crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-0732.patch: fix in
      crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737-*.patch: additional patches
    - CVE-2017-0737

openssl (1.0.1-4ubuntu5.41) precise-security; urgency=medium

  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse
      and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set
      in crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

openssl (1.0.1-4ubuntu5.40) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
    - debian/patches/CVE-2018-0739.patch: limit stack depth in
      crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
    - CVE-2018-0739
  * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
    - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
      crypto/x509v3/v3_addr.c.
    - CVE-2017-3735

Date: 2021-02-23 01:58:08.883307+00:00
Changed-By: Avital Ostromich <avital.ostrom...@canonical.com>
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.45
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to