openssl (1.0.2g-1ubuntu4.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Read/write after SSL object in error state
    - debian/patches/CVE-2017-3737-pre.patch: add test/ssltestlib.*,
      add to test/Makefile.
    - debian/patches/CVE-2017-3737-1.patch: don't allow read/write after
      fatal error in ssl/ssl.h.
    - debian/patches/CVE-2017-3737-2.patch: add test to ssl/Makefile,
      ssl/fatalerrtest.c, test/Makefile.
    - CVE-2017-3737
  * SECURITY UPDATE: rsaz_1024_mul_avx2 overflow bug on x86_64
    - debian/patches/CVE-2017-3738.patch: fix digit correction bug in
    - CVE-2017-3738

Date: 2017-12-07 20:38:53.825333+00:00
Changed-By: Marc Deslauriers <>
Signed-By: Ubuntu Archive Robot 
Sorry, changesfile not available.
Xenial-changes mailing list
Modify settings or unsubscribe at:

Reply via email to