[ubuntu/raring-updates] openssl 1.0.1c-4ubuntu8.1 (Accepted)

Ubuntu Archive Robot Thu, 04 Jul 2013 05:58:46 -0700

openssl (1.0.1c-4ubuntu8.1) raring-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - 
http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch


Date: 2013-06-04 07:20:17.782011+00:00
Changed-By: Seth Arnold <[email protected]>
Signed-By: Ubuntu Archive Robot 
<[email protected]>
https://launchpad.net/ubuntu/raring/+source/openssl/1.0.1c-4ubuntu8.1

Sorry, changesfile not available.

-- 
Raring-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/raring-changes

[ubuntu/raring-updates] openssl 1.0.1c-4ubuntu8.1 (Accepted)

Reply via email to