This bug was fixed in the package openssl - 0.9.8o-1ubuntu1
---------------
openssl (0.9.8o-1ubuntu1) maverick; urgency=low
* Merge from debian unstable, remaining changes (LP: #581167):
- debian/patches/Bsymbolic-functions.patch: Link using
-Bsymbolic-functions
- Ship documentation in openssl-doc, suggested by the package.
- Use a different priority for libssl0.9.8/restart-services
depending on whether a desktop, or server dist-upgrade is being
performed.
- Display a system restart required notification bubble on libssl0.9.8
upgrade.
- Replace duplicate files in the doc directory with symlinks.
- Move runtime libraries to /lib, for the benefit of wpasupplicant
- Use host compiler when cross-building (patch from Neil Williams in
Debian #465248).
- Don't run 'make test' when cross-building.
- Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339).
- debian/patches/aesni.patch: Backport Intel AES-NI support from
http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518).
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths
under .pc.
* Dropped patches, now upstream:
- debian/patches/CVE-2009-3245.patch
- debian/patches/CVE-2010-0740.patch
- debian/patches/dtls-compatibility.patch
- debian/patches/CVE-2009-4355.patch
* Dropped "Add support for lpia".
* Dropped "Disable SSLv2 during compile" as this had never actually
disabled SSLv2.
* Don't disable CVE-2009-3555.patch for Maverick.
openssl (0.9.8o-1) unstable; urgency=low
* New upstream version
- Add SHA2 algorithms to SSL_library_init().
- aes-x86_64.pl is now PIC, update pic.patch.
* Add sparc64 support (Closes: #560240)
openssl (0.9.8n-1) unstable; urgency=high
* New upstream version.
- Fixes CVE-2010-0740.
- Drop cfb.patch, applied upstream.
openssl (0.9.8m-2) unstable; urgency=low
* Revert CFB block length change preventing reading older files.
(Closes: #571810, #571940)
openssl (0.9.8m-1) unstable; urgency=low
* New upstream version
- Implements RFC5746, reenables renegotiation but requires the extension.
- Fixes CVE-2009-3245
- Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
no_check_self_signed.patch: applied upstream
- pk7_mime_free.patch removed, code rewritten
- ca.diff partially applied upstream
- engines-path.patch adjusted, upstream made some minor changes to the
build system.
- some flags changed values, bump shlibs.
* Switch to 3.0 (quilt) source package.
* Make sure the package is properly cleaned.
* Add ${misc:Depends} to the Depends on all packages.
* Fix spelling of extension in the changelog file.
openssl (0.9.8k-8) unstable; urgency=high
* Clean up zlib state so that it will be reinitialized on next use and
not cause a memory leak. (CVE-2009-4355, CVE-2008-1678)
-- Marc Deslauriers <[email protected]> Mon, 14 Jun 2010 09:08:29
-0400
** Changed in: openssl (Ubuntu)
Status: Confirmed => Fix Released
** Bug watch added: OpenSSL RT #2067
http://rt.openssl.org/Ticket/Display.html?id=2067
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1678
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1377
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1378
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1379
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1387
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2409
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3245
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3555
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4355
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0740
--
Please merge openssl 0.9.8n-1 into ubuntu
https://bugs.launchpad.net/bugs/581167
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
