This bug was fixed in the package openssl - 1.0.1e-2ubuntu1.1
---------------
openssl (1.0.1e-2ubuntu1.1) saucy-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
-
http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
-- Seth Arnold <[email protected]> Mon, 03 Jun 2013 18:14:05 -0700
** Changed in: openssl (Ubuntu Saucy)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4929
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1187195
Title:
OpenSSL site-wide compression disable tracking bug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
