Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this repository.

Branches

Name Last Modified Last Commit
applied/ubuntu/artful-proposed 2017-05-19 13:13:19 UTC 2017-05-19
Import patches-applied version 1.0.2g-1ubuntu13 to applied/ubuntu/artful-prop...

Author: William Grant
Author Date: 2017-05-19 08:31:50 UTC

Import patches-applied version 1.0.2g-1ubuntu13 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 63e0192e22ace22d7f2b786aa039f3bde0bf4ced
Unapplied parent: cbb693c4127fe392e13a9bdd3db7761d66e19a7a

New changelog entries:
  * aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
    (LP: #1674399)

ubuntu/artful-proposed 2017-05-19 13:13:19 UTC 2017-05-19
Import patches-unapplied version 1.0.2g-1ubuntu13 to ubuntu/artful-proposed

Author: William Grant
Author Date: 2017-05-19 08:31:50 UTC

Import patches-unapplied version 1.0.2g-1ubuntu13 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f3cdd9f5d72668fda74a2dcb46884ffc8a376251

New changelog entries:
  * aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
    (LP: #1674399)

ubuntu/artful 2017-05-19 13:13:19 UTC 2017-05-19
Import patches-unapplied version 1.0.2g-1ubuntu13 to ubuntu/artful-proposed

Author: William Grant
Author Date: 2017-05-19 08:31:50 UTC

Import patches-unapplied version 1.0.2g-1ubuntu13 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: f3cdd9f5d72668fda74a2dcb46884ffc8a376251

New changelog entries:
  * aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
    (LP: #1674399)

applied/ubuntu/artful 2017-05-19 13:13:19 UTC 2017-05-19
Import patches-applied version 1.0.2g-1ubuntu13 to applied/ubuntu/artful-prop...

Author: William Grant
Author Date: 2017-05-19 08:31:50 UTC

Import patches-applied version 1.0.2g-1ubuntu13 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 63e0192e22ace22d7f2b786aa039f3bde0bf4ced
Unapplied parent: cbb693c4127fe392e13a9bdd3db7761d66e19a7a

New changelog entries:
  * aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
    (LP: #1674399)

applied/ubuntu/yakkety-security 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-applied version 1.0.2g-1ubuntu9.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2017-01-30 14:55:10 UTC

Import patches-applied version 1.0.2g-1ubuntu9.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 8cef225e7dc91c4930927a19bd7d27bf0e0935a4
Unapplied parent: 9718a07f0f35cf7927593ecd7d81038530ceac5b

New changelog entries:
  * SECURITY UPDATE: Montgomery multiplication may produce incorrect
    results
    - debian/patches/CVE-2016-7055.patch: fix logic in
      crypto/bn/asm/x86_64-mont.pl.
    - CVE-2016-7055
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731
  * SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
    - debian/patches/CVE-2017-3732.patch: fix carry bug in
      bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3732

applied/ubuntu/precise-updates 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-se...

Author: Marc Deslauriers
Author Date: 2017-01-30 19:30:36 UTC

Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 12d1e853c5b11fc4cda49470581f216e95dbd2a8
Unapplied parent: 5f929762255950fc32fc232ed526c344e884ab68

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

ubuntu/yakkety-security 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-unapplied version 1.0.2g-1ubuntu9.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-01-30 14:55:10 UTC

Import patches-unapplied version 1.0.2g-1ubuntu9.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 1c6db8d529e71e4f589f503db2dc5977e31cbf6a

New changelog entries:
  * SECURITY UPDATE: Montgomery multiplication may produce incorrect
    results
    - debian/patches/CVE-2016-7055.patch: fix logic in
      crypto/bn/asm/x86_64-mont.pl.
    - CVE-2016-7055
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731
  * SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
    - debian/patches/CVE-2017-3732.patch: fix carry bug in
      bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3732

applied/ubuntu/precise-security 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-se...

Author: Marc Deslauriers
Author Date: 2017-01-30 19:30:36 UTC

Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 12d1e853c5b11fc4cda49470581f216e95dbd2a8
Unapplied parent: 5f929762255950fc32fc232ed526c344e884ab68

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

ubuntu/precise-devel 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-unapplied version 1.0.1-4ubuntu5.39 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-01-30 19:30:36 UTC

Import patches-unapplied version 1.0.1-4ubuntu5.39 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 82a89004c586499a6eea19659cf0054de87c5b57

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

ubuntu/precise-security 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-unapplied version 1.0.1-4ubuntu5.39 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-01-30 19:30:36 UTC

Import patches-unapplied version 1.0.1-4ubuntu5.39 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 82a89004c586499a6eea19659cf0054de87c5b57

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

applied/ubuntu/precise-devel 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-se...

Author: Marc Deslauriers
Author Date: 2017-01-30 19:30:36 UTC

Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 12d1e853c5b11fc4cda49470581f216e95dbd2a8
Unapplied parent: 5f929762255950fc32fc232ed526c344e884ab68

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

ubuntu/precise-updates 2017-01-31 17:43:30 UTC 2017-01-31
Import patches-unapplied version 1.0.1-4ubuntu5.39 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-01-30 19:30:36 UTC

Import patches-unapplied version 1.0.1-4ubuntu5.39 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 82a89004c586499a6eea19659cf0054de87c5b57

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

ubuntu/zesty 2017-01-30 15:23:15 UTC 2017-01-30
Import patches-unapplied version 1.0.2g-1ubuntu11 to ubuntu/zesty-proposed

Author: Marc Deslauriers
Author Date: 2017-01-30 14:00:43 UTC

Import patches-unapplied version 1.0.2g-1ubuntu11 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 98d8c30245067bdceeac22e108898093f94c5bf4

New changelog entries:
  * SECURITY UPDATE: Montgomery multiplication may produce incorrect
    results
    - debian/patches/CVE-2016-7055.patch: fix logic in
      crypto/bn/asm/x86_64-mont.pl.
    - CVE-2016-7055
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731
  * SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
    - debian/patches/CVE-2017-3732.patch: fix carry bug in
      bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3732

applied/ubuntu/zesty 2017-01-30 15:23:15 UTC 2017-01-30
Import patches-applied version 1.0.2g-1ubuntu11 to applied/ubuntu/zesty-proposed

Author: Marc Deslauriers
Author Date: 2017-01-30 14:00:43 UTC

Import patches-applied version 1.0.2g-1ubuntu11 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: d37b0f197a9c24775917a56ffa6719a6a7e82589
Unapplied parent: f8fab09f2faa168f66c377a5f43055091afdf589

New changelog entries:
  * SECURITY UPDATE: Montgomery multiplication may produce incorrect
    results
    - debian/patches/CVE-2016-7055.patch: fix logic in
      crypto/bn/asm/x86_64-mont.pl.
    - CVE-2016-7055
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731
  * SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
    - debian/patches/CVE-2017-3732.patch: fix carry bug in
      bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3732

applied/ubuntu/yakkety 2016-09-23 17:54:16 UTC 2016-09-23
Import patches-applied version 1.0.2g-1ubuntu9 to applied/ubuntu/yakkety-prop...

Author: Marc Deslauriers
Author Date: 2016-09-23 15:00:22 UTC

Import patches-applied version 1.0.2g-1ubuntu9 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 0591e4c10130de4507944c106eea8cc877aa4385
Unapplied parent: 26ea7eab9cbe501d0c850e9585721e903f212f05

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
    - CVE-2016-2177
  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
      crypto/dsa/dsa_ossl.c.
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in
      ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
      ssl/ssl_locl.h.
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in
      crypto/ts/ts_lib.c.
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
      records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
      in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
      crypto/bn/bn_print.c.
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.
    - CVE-2016-2182
  * SECURITY UPDATE: SWEET32 Mitigation
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
      to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
      ssl/t1_lib.c.
    - CVE-2016-6302
  * SECURITY UPDATE: OOB write in MDC2_Update()
    - debian/patches/CVE-2016-6303.patch: avoid overflow in
      crypto/mdc2/mdc2dgst.c.
    - CVE-2016-6303
  * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
    - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
      handshake in ssl/t1_lib.c.
    - CVE-2016-6304
  * SECURITY UPDATE: Certificate message OOB reads
    - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
      ssl/s3_srvr.c.
    - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
      larger in ssl/d1_both.c, ssl/s3_both.c.
    - CVE-2016-6306

ubuntu/yakkety 2016-09-23 17:54:16 UTC 2016-09-23
Import patches-unapplied version 1.0.2g-1ubuntu9 to ubuntu/yakkety-proposed

Author: Marc Deslauriers
Author Date: 2016-09-23 15:00:22 UTC

Import patches-unapplied version 1.0.2g-1ubuntu9 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 579a024561e4adc6e476084731c798563c0b98ca

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
    - CVE-2016-2177
  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
      crypto/dsa/dsa_ossl.c.
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in
      ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
      ssl/ssl_locl.h.
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in
      crypto/ts/ts_lib.c.
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
      records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
      in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
      crypto/bn/bn_print.c.
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.
    - CVE-2016-2182
  * SECURITY UPDATE: SWEET32 Mitigation
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
      to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
      ssl/t1_lib.c.
    - CVE-2016-6302
  * SECURITY UPDATE: OOB write in MDC2_Update()
    - debian/patches/CVE-2016-6303.patch: avoid overflow in
      crypto/mdc2/mdc2dgst.c.
    - CVE-2016-6303
  * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
    - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
      handshake in ssl/t1_lib.c.
    - CVE-2016-6304
  * SECURITY UPDATE: Certificate message OOB reads
    - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
      ssl/s3_srvr.c.
    - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
      larger in ssl/d1_both.c, ssl/s3_both.c.
    - CVE-2016-6306

applied/ubuntu/wily-updates 2016-05-03 14:43:51 UTC 2016-05-03
Import patches-applied version 1.0.2d-0ubuntu1.5 to applied/ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-04-28 14:00:31 UTC

Import patches-applied version 1.0.2d-0ubuntu1.5 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 8aaa181725e121c72f35b02f76e8d304454bc867
Unapplied parent: 37ad5bf7b61ff26171be3b29a673c6b3a54d2f8b

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
      crypto/evp/e_aes_cbc_hmac_sha256.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

applied/ubuntu/wily-devel 2016-05-03 14:43:51 UTC 2016-05-03
Import patches-applied version 1.0.2d-0ubuntu1.5 to applied/ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-04-28 14:00:31 UTC

Import patches-applied version 1.0.2d-0ubuntu1.5 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 8aaa181725e121c72f35b02f76e8d304454bc867
Unapplied parent: 37ad5bf7b61ff26171be3b29a673c6b3a54d2f8b

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
      crypto/evp/e_aes_cbc_hmac_sha256.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

ubuntu/wily-updates 2016-05-03 14:43:51 UTC 2016-05-03
Import patches-unapplied version 1.0.2d-0ubuntu1.5 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-04-28 14:00:31 UTC

Import patches-unapplied version 1.0.2d-0ubuntu1.5 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 13936c8cec843cb8e3f4b7a71c6083e788b23992

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
      crypto/evp/e_aes_cbc_hmac_sha256.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

ubuntu/wily-security 2016-05-03 14:43:51 UTC 2016-05-03
Import patches-unapplied version 1.0.2d-0ubuntu1.5 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-04-28 14:00:31 UTC

Import patches-unapplied version 1.0.2d-0ubuntu1.5 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 13936c8cec843cb8e3f4b7a71c6083e788b23992

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
      crypto/evp/e_aes_cbc_hmac_sha256.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

ubuntu/wily-devel 2016-05-03 14:43:51 UTC 2016-05-03
Import patches-unapplied version 1.0.2d-0ubuntu1.5 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-04-28 14:00:31 UTC

Import patches-unapplied version 1.0.2d-0ubuntu1.5 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 13936c8cec843cb8e3f4b7a71c6083e788b23992

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
      crypto/evp/e_aes_cbc_hmac_sha256.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

applied/ubuntu/wily-security 2016-05-03 14:43:51 UTC 2016-05-03
Import patches-applied version 1.0.2d-0ubuntu1.5 to applied/ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-04-28 14:00:31 UTC

Import patches-applied version 1.0.2d-0ubuntu1.5 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 8aaa181725e121c72f35b02f76e8d304454bc867
Unapplied parent: 37ad5bf7b61ff26171be3b29a673c6b3a54d2f8b

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
      crypto/evp/e_aes_cbc_hmac_sha256.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

ubuntu/xenial 2016-04-15 05:14:33 UTC 2016-04-15
Import patches-unapplied version 1.0.2g-1ubuntu4 to ubuntu/xenial-proposed

Author: Joy Latten
Author Date: 2016-04-15 04:58:01 UTC

Import patches-unapplied version 1.0.2g-1ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9b2692b08da4c3020f767d2b1aba1ba2253486b0

New changelog entries:
  * Rename Fedora-imported FIPS patches to the names they have in Fedora, add
    correct "Origin:" tags, and move Ubuntu modifications in them into
    openssl-1.0.2g-ubuntu-fips-cleanup.patch.

applied/ubuntu/xenial 2016-04-15 05:14:33 UTC 2016-04-15
Import patches-applied version 1.0.2g-1ubuntu4 to applied/ubuntu/xenial-proposed

Author: Joy Latten
Author Date: 2016-04-15 04:58:01 UTC

Import patches-applied version 1.0.2g-1ubuntu4 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 67d8ff1d055769bd9460568c7ee3b9986ad5685f
Unapplied parent: efaa79f33776a37ef45e1d4b840a7a1f40ac393c

New changelog entries:
  * Rename Fedora-imported FIPS patches to the names they have in Fedora, add
    correct "Origin:" tags, and move Ubuntu modifications in them into
    openssl-1.0.2g-ubuntu-fips-cleanup.patch.

applied/debian/wheezy 2016-04-02 23:40:02 UTC 2016-04-02
Import patches-applied version 1.0.1e-2+deb7u20 to applied/debian/wheezy

Author: Kurt Roeckx
Author Date: 2016-02-28 22:36:32 UTC

Import patches-applied version 1.0.1e-2+deb7u20 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 2a44697d06589ed68fd73d148afa033f574039be
Unapplied parent: f6ec4dd9d6867f89fa9739cf00d13c601ee2b1b0

New changelog entries:
  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.
  * Non-maintainer upload by the Security Team.
  * Add CVE-2015-7575.patch patch.
    CVE-2015-7575: SLOTH: Security Losses from Obsolete and Truncated
    Transcript Hashes.
  * Fix CVE-2015-3194
  * Fix CVE-2015-3195
  * Fix CVE-2015-3196

debian/wheezy 2016-04-02 23:40:02 UTC 2016-04-02
Import patches-unapplied version 1.0.1e-2+deb7u20 to debian/wheezy

Author: Kurt Roeckx
Author Date: 2016-02-28 22:36:32 UTC

Import patches-unapplied version 1.0.1e-2+deb7u20 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: ac669d9052051f16d6a3c3b95af0014fdacef43a

New changelog entries:
  * Fix CVE-2016-0797
  * Fix CVE-2016-0798
  * Fix CVE-2016-0799
  * Fix CVE-2016-0702
  * Fix CVE-2016-0705
  * Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
    makes use of those, and SLOTH attack (CVE-2015-7575) can make use of them
    too.
  * Non-maintainer upload by the Security Team.
  * Add CVE-2015-7575.patch patch.
    CVE-2015-7575: SLOTH: Security Losses from Obsolete and Truncated
    Transcript Hashes.
  * Fix CVE-2015-3194
  * Fix CVE-2015-3195
  * Fix CVE-2015-3196

applied/ubuntu/vivid-updates 2015-12-07 12:45:31 UTC 2015-12-07
Import patches-applied version 1.0.1f-1ubuntu11.5 to applied/ubuntu/vivid-sec...

Author: Marc Deslauriers
Author Date: 2015-12-04 12:54:50 UTC

Import patches-applied version 1.0.1f-1ubuntu11.5 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 91a82ddb08ca7f5909b873b82b0b05e191bd32e4
Unapplied parent: 38489cd73c16e662497730683712e4b13fddec77

New changelog entries:
  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

ubuntu/vivid-devel 2015-12-07 12:45:31 UTC 2015-12-07
Import patches-unapplied version 1.0.1f-1ubuntu11.5 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-12-04 12:54:50 UTC

Import patches-unapplied version 1.0.1f-1ubuntu11.5 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 1caec016b851b4dab8da531e929cd952879c5c21

New changelog entries:
  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

ubuntu/vivid-updates 2015-12-07 12:45:31 UTC 2015-12-07
Import patches-unapplied version 1.0.1f-1ubuntu11.5 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-12-04 12:54:50 UTC

Import patches-unapplied version 1.0.1f-1ubuntu11.5 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 1caec016b851b4dab8da531e929cd952879c5c21

New changelog entries:
  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

applied/ubuntu/vivid-devel 2015-12-07 12:45:31 UTC 2015-12-07
Import patches-applied version 1.0.1f-1ubuntu11.5 to applied/ubuntu/vivid-sec...

Author: Marc Deslauriers
Author Date: 2015-12-04 12:54:50 UTC

Import patches-applied version 1.0.1f-1ubuntu11.5 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 91a82ddb08ca7f5909b873b82b0b05e191bd32e4
Unapplied parent: 38489cd73c16e662497730683712e4b13fddec77

New changelog entries:
  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

ubuntu/vivid-security 2015-12-07 12:45:31 UTC 2015-12-07
Import patches-unapplied version 1.0.1f-1ubuntu11.5 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-12-04 12:54:50 UTC

Import patches-unapplied version 1.0.1f-1ubuntu11.5 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 1caec016b851b4dab8da531e929cd952879c5c21

New changelog entries:
  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

applied/ubuntu/vivid-security 2015-12-07 12:45:31 UTC 2015-12-07
Import patches-applied version 1.0.1f-1ubuntu11.5 to applied/ubuntu/vivid-sec...

Author: Marc Deslauriers
Author Date: 2015-12-04 12:54:50 UTC

Import patches-applied version 1.0.1f-1ubuntu11.5 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 91a82ddb08ca7f5909b873b82b0b05e191bd32e4
Unapplied parent: 38489cd73c16e662497730683712e4b13fddec77

New changelog entries:
  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

ubuntu/wily-proposed 2015-07-09 14:13:34 UTC 2015-07-09
Import patches-unapplied version 1.0.2d-0ubuntu1 to ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-09 13:27:48 UTC

Import patches-unapplied version 1.0.2d-0ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 8a68e19417f7cddb07447ca740adf3907584434e

New changelog entries:
  * SECURITY UPDATE: alternative chains certificate forgery
    - Updated to new upstream version
    - CVE-2015-1793

applied/ubuntu/wily-proposed 2015-07-09 14:13:34 UTC 2015-07-09
Import patches-applied version 1.0.2d-0ubuntu1 to applied/ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-09 13:27:48 UTC

Import patches-applied version 1.0.2d-0ubuntu1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: bcc1a31b75a2c80636be466b663ddec87793ddeb
Unapplied parent: 938a1cc3b3359b2025d5cbd729115ce05886a065

New changelog entries:
  * SECURITY UPDATE: alternative chains certificate forgery
    - Updated to new upstream version
    - CVE-2015-1793

ubuntu/wily 2015-07-09 14:13:34 UTC 2015-07-09
Import patches-unapplied version 1.0.2d-0ubuntu1 to ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-09 13:27:48 UTC

Import patches-unapplied version 1.0.2d-0ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 8a68e19417f7cddb07447ca740adf3907584434e

New changelog entries:
  * SECURITY UPDATE: alternative chains certificate forgery
    - Updated to new upstream version
    - CVE-2015-1793

applied/ubuntu/wily 2015-07-09 14:13:34 UTC 2015-07-09
Import patches-applied version 1.0.2d-0ubuntu1 to applied/ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-09 13:27:48 UTC

Import patches-applied version 1.0.2d-0ubuntu1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: bcc1a31b75a2c80636be466b663ddec87793ddeb
Unapplied parent: 938a1cc3b3359b2025d5cbd729115ce05886a065

New changelog entries:
  * SECURITY UPDATE: alternative chains certificate forgery
    - Updated to new upstream version
    - CVE-2015-1793

applied/ubuntu/utopic-security 2015-06-11 18:03:32 UTC 2015-06-11
Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-06-11 11:12:10 UTC

Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 2e7f7d28181e7c911d3136fc2c80fd3a496fbbf6
Unapplied parent: d399662511c1f52fa1a012cd29f7605283fd6ce5

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

applied/ubuntu/utopic-updates 2015-06-11 18:03:32 UTC 2015-06-11
Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-06-11 11:12:10 UTC

Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 2e7f7d28181e7c911d3136fc2c80fd3a496fbbf6
Unapplied parent: d399662511c1f52fa1a012cd29f7605283fd6ce5

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

ubuntu/utopic-security 2015-06-11 18:03:32 UTC 2015-06-11
Import patches-unapplied version 1.0.1f-1ubuntu9.8 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-06-11 11:12:10 UTC

Import patches-unapplied version 1.0.1f-1ubuntu9.8 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 0665fe6eceea390dd6309227406a08112d5b2cbc

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

applied/ubuntu/utopic-devel 2015-06-11 18:03:32 UTC 2015-06-11
Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-06-11 11:12:10 UTC

Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 2e7f7d28181e7c911d3136fc2c80fd3a496fbbf6
Unapplied parent: d399662511c1f52fa1a012cd29f7605283fd6ce5

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

ubuntu/utopic-updates 2015-06-11 18:03:32 UTC 2015-06-11
Import patches-unapplied version 1.0.1f-1ubuntu9.8 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-06-11 11:12:10 UTC

Import patches-unapplied version 1.0.1f-1ubuntu9.8 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 0665fe6eceea390dd6309227406a08112d5b2cbc

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

ubuntu/utopic-devel 2015-06-11 18:03:32 UTC 2015-06-11
Import patches-unapplied version 1.0.1f-1ubuntu9.8 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-06-11 11:12:10 UTC

Import patches-unapplied version 1.0.1f-1ubuntu9.8 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 0665fe6eceea390dd6309227406a08112d5b2cbc

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

ubuntu/lucid-updates 2015-03-19 16:58:34 UTC 2015-03-19
Import patches-unapplied version 0.9.8k-7ubuntu8.27 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-03-19 13:57:59 UTC

Import patches-unapplied version 0.9.8k-7ubuntu8.27 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 35a8c5311c92f33646b1ef1960df8043fb598789

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

ubuntu/lucid-devel 2015-03-19 16:58:34 UTC 2015-03-19
Import patches-unapplied version 0.9.8k-7ubuntu8.27 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-03-19 13:57:59 UTC

Import patches-unapplied version 0.9.8k-7ubuntu8.27 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 35a8c5311c92f33646b1ef1960df8043fb598789

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

applied/ubuntu/lucid-devel 2015-03-19 16:58:34 UTC 2015-03-19
Import patches-applied version 0.9.8k-7ubuntu8.27 to applied/ubuntu/lucid-sec...

Author: Marc Deslauriers
Author Date: 2015-03-19 13:57:59 UTC

Import patches-applied version 0.9.8k-7ubuntu8.27 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 2be9c570239e1c36f3e887d7110ae87d63546e54
Unapplied parent: 0170bbaea8f40fd42b89fb6c2886f4bc126e5d83

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

applied/ubuntu/lucid-updates 2015-03-19 16:58:34 UTC 2015-03-19
Import patches-applied version 0.9.8k-7ubuntu8.27 to applied/ubuntu/lucid-sec...

Author: Marc Deslauriers
Author Date: 2015-03-19 13:57:59 UTC

Import patches-applied version 0.9.8k-7ubuntu8.27 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 2be9c570239e1c36f3e887d7110ae87d63546e54
Unapplied parent: 0170bbaea8f40fd42b89fb6c2886f4bc126e5d83

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

applied/ubuntu/lucid-security 2015-03-19 16:58:34 UTC 2015-03-19
Import patches-applied version 0.9.8k-7ubuntu8.27 to applied/ubuntu/lucid-sec...

Author: Marc Deslauriers
Author Date: 2015-03-19 13:57:59 UTC

Import patches-applied version 0.9.8k-7ubuntu8.27 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 2be9c570239e1c36f3e887d7110ae87d63546e54
Unapplied parent: 0170bbaea8f40fd42b89fb6c2886f4bc126e5d83

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

ubuntu/lucid-security 2015-03-19 16:58:34 UTC 2015-03-19
Import patches-unapplied version 0.9.8k-7ubuntu8.27 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-03-19 13:57:59 UTC

Import patches-unapplied version 0.9.8k-7ubuntu8.27 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 35a8c5311c92f33646b1ef1960df8043fb598789

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

ubuntu/vivid-proposed 2015-03-19 15:18:35 UTC 2015-03-19
Import patches-unapplied version 1.0.1f-1ubuntu11 to ubuntu/vivid-proposed

Author: Marc Deslauriers
Author Date: 2015-03-19 14:07:13 UTC

Import patches-unapplied version 1.0.1f-1ubuntu11 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 848cdb5bee2ad1172c94fb69e024b7e0a3d5be65

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

ubuntu/vivid 2015-03-19 15:18:35 UTC 2015-03-19
Import patches-unapplied version 1.0.1f-1ubuntu11 to ubuntu/vivid-proposed

Author: Marc Deslauriers
Author Date: 2015-03-19 14:07:13 UTC

Import patches-unapplied version 1.0.1f-1ubuntu11 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 848cdb5bee2ad1172c94fb69e024b7e0a3d5be65

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

applied/ubuntu/vivid-proposed 2015-03-19 15:18:35 UTC 2015-03-19
Import patches-applied version 1.0.1f-1ubuntu11 to applied/ubuntu/vivid-proposed

Author: Marc Deslauriers
Author Date: 2015-03-19 14:07:13 UTC

Import patches-applied version 1.0.1f-1ubuntu11 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: b1eaab68b5c561c3491635b73e70de55488bd17a
Unapplied parent: 613d8c53d4ee150f46fbe794fd6f653713773025

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

applied/ubuntu/vivid 2015-03-19 15:18:35 UTC 2015-03-19
Import patches-applied version 1.0.1f-1ubuntu11 to applied/ubuntu/vivid-proposed

Author: Marc Deslauriers
Author Date: 2015-03-19 14:07:13 UTC

Import patches-applied version 1.0.1f-1ubuntu11 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: b1eaab68b5c561c3491635b73e70de55488bd17a
Unapplied parent: 613d8c53d4ee150f46fbe794fd6f653713773025

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

applied/ubuntu/precise-proposed 2015-03-05 17:48:39 UTC 2015-03-05
Import patches-applied version 1.0.1-4ubuntu5.22 to applied/ubuntu/precise-pr...

Author: Marc Deslauriers
Author Date: 2015-02-26 18:05:15 UTC

Import patches-applied version 1.0.1-4ubuntu5.22 to applied/ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 8fdc722f621274cbd9bdbaef3175e599289587d3
Unapplied parent: 13435bb3d4bf50549835ec47e18fbee85a193573

New changelog entries:
  * Fix DTLS handshake on amd64 (LP: #1425914)
    - debian/patches/lp1425914.patch: backport upstream patch that fixes
      alignment issue causing an assert in ssl/ssl_ciph.c.

ubuntu/precise-proposed 2015-03-05 17:48:39 UTC 2015-03-05
Import patches-unapplied version 1.0.1-4ubuntu5.22 to ubuntu/precise-proposed

Author: Marc Deslauriers
Author Date: 2015-02-26 18:05:15 UTC

Import patches-unapplied version 1.0.1-4ubuntu5.22 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 9198b637edf316f39b0308698aa0b73b23d2cd5a

New changelog entries:
  * Fix DTLS handshake on amd64 (LP: #1425914)
    - debian/patches/lp1425914.patch: backport upstream patch that fixes
      alignment issue causing an assert in ssl/ssl_ciph.c.

ubuntu/utopic-proposed 2014-10-16 16:22:26 UTC 2014-10-16
Import patches-unapplied version 1.0.1f-1ubuntu9 to ubuntu/utopic-proposed

Author: Marc Deslauriers
Author Date: 2014-10-16 14:56:10 UTC

Import patches-unapplied version 1.0.1f-1ubuntu9 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 74f6bcfd48ec8fdbf94511d66d64302f0c4214f4

New changelog entries:
  * SECURITY UPDATE: denial of service via DTLS SRTP memory leak
    - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
      ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
      util/ssleay.num.
    - CVE-2014-3513
  * SECURITY UPDATE: denial of service via session ticket integrity check
    memory leak
    - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
    - CVE-2014-3567
  * SECURITY UPDATE: fix the no-ssl3 build option
    - debian/patches/CVE-2014-3568.patch: fix conditional code in
      ssl/s23_clnt.c, ssl/s23_srvr.c.
    - CVE-2014-3568
  * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
    protocol downgrade attack to SSLv3 that exposes the POODLE attack.
    - debian/patches/tls_fallback_scsv_support.patch: added support for
      TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
      ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
      ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
      ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
      doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

ubuntu/utopic 2014-10-16 16:22:26 UTC 2014-10-16
Import patches-unapplied version 1.0.1f-1ubuntu9 to ubuntu/utopic-proposed

Author: Marc Deslauriers
Author Date: 2014-10-16 14:56:10 UTC

Import patches-unapplied version 1.0.1f-1ubuntu9 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 74f6bcfd48ec8fdbf94511d66d64302f0c4214f4

New changelog entries:
  * SECURITY UPDATE: denial of service via DTLS SRTP memory leak
    - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
      ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
      util/ssleay.num.
    - CVE-2014-3513
  * SECURITY UPDATE: denial of service via session ticket integrity check
    memory leak
    - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
    - CVE-2014-3567
  * SECURITY UPDATE: fix the no-ssl3 build option
    - debian/patches/CVE-2014-3568.patch: fix conditional code in
      ssl/s23_clnt.c, ssl/s23_srvr.c.
    - CVE-2014-3568
  * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
    protocol downgrade attack to SSLv3 that exposes the POODLE attack.
    - debian/patches/tls_fallback_scsv_support.patch: added support for
      TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
      ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
      ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
      ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
      doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

applied/ubuntu/utopic-proposed 2014-10-16 16:22:26 UTC 2014-10-16
Import patches-applied version 1.0.1f-1ubuntu9 to applied/ubuntu/utopic-proposed

Author: Marc Deslauriers
Author Date: 2014-10-16 14:56:10 UTC

Import patches-applied version 1.0.1f-1ubuntu9 to applied/ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 2b748b591ca9fad14c65b1491b4bd8a1d15f3a1f
Unapplied parent: 98054e1810b57e54090d56553d244b6c6f550699

New changelog entries:
  * SECURITY UPDATE: denial of service via DTLS SRTP memory leak
    - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
      ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
      util/ssleay.num.
    - CVE-2014-3513
  * SECURITY UPDATE: denial of service via session ticket integrity check
    memory leak
    - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
    - CVE-2014-3567
  * SECURITY UPDATE: fix the no-ssl3 build option
    - debian/patches/CVE-2014-3568.patch: fix conditional code in
      ssl/s23_clnt.c, ssl/s23_srvr.c.
    - CVE-2014-3568
  * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
    protocol downgrade attack to SSLv3 that exposes the POODLE attack.
    - debian/patches/tls_fallback_scsv_support.patch: added support for
      TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
      ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
      ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
      ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
      doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

applied/ubuntu/utopic 2014-10-16 16:22:26 UTC 2014-10-16
Import patches-applied version 1.0.1f-1ubuntu9 to applied/ubuntu/utopic-proposed

Author: Marc Deslauriers
Author Date: 2014-10-16 14:56:10 UTC

Import patches-applied version 1.0.1f-1ubuntu9 to applied/ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 2b748b591ca9fad14c65b1491b4bd8a1d15f3a1f
Unapplied parent: 98054e1810b57e54090d56553d244b6c6f550699

New changelog entries:
  * SECURITY UPDATE: denial of service via DTLS SRTP memory leak
    - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
      ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
      util/ssleay.num.
    - CVE-2014-3513
  * SECURITY UPDATE: denial of service via session ticket integrity check
    memory leak
    - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
    - CVE-2014-3567
  * SECURITY UPDATE: fix the no-ssl3 build option
    - debian/patches/CVE-2014-3568.patch: fix conditional code in
      ssl/s23_clnt.c, ssl/s23_srvr.c.
    - CVE-2014-3568
  * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
    protocol downgrade attack to SSLv3 that exposes the POODLE attack.
    - debian/patches/tls_fallback_scsv_support.patch: added support for
      TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
      ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
      ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
      ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
      doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

ubuntu/saucy-security 2014-06-23 12:08:46 UTC 2014-06-23
Import patches-unapplied version 1.0.1e-3ubuntu1.6 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-06-20 17:56:05 UTC

Import patches-unapplied version 1.0.1e-3ubuntu1.6 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 67e5239b6cf7200a9eff40427302a45b72be9ff9

New changelog entries:
  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished in ssl/s3_clnt.c.

applied/ubuntu/saucy-devel 2014-06-23 12:08:46 UTC 2014-06-23
Import patches-applied version 1.0.1e-3ubuntu1.6 to applied/ubuntu/saucy-secu...

Author: Marc Deslauriers
Author Date: 2014-06-20 17:56:05 UTC

Import patches-applied version 1.0.1e-3ubuntu1.6 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 7a26034a0174ddaaef3a06df43df2eea51692486
Unapplied parent: 5534e75709a6a90a0c99eca5ca06c809a74393e6

New changelog entries:
  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished in ssl/s3_clnt.c.

applied/ubuntu/saucy-security 2014-06-23 12:08:46 UTC 2014-06-23
Import patches-applied version 1.0.1e-3ubuntu1.6 to applied/ubuntu/saucy-secu...

Author: Marc Deslauriers
Author Date: 2014-06-20 17:56:05 UTC

Import patches-applied version 1.0.1e-3ubuntu1.6 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 7a26034a0174ddaaef3a06df43df2eea51692486
Unapplied parent: 5534e75709a6a90a0c99eca5ca06c809a74393e6

New changelog entries:
  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished in ssl/s3_clnt.c.

applied/ubuntu/saucy-updates 2014-06-23 12:08:46 UTC 2014-06-23
Import patches-applied version 1.0.1e-3ubuntu1.6 to applied/ubuntu/saucy-secu...

Author: Marc Deslauriers
Author Date: 2014-06-20 17:56:05 UTC

Import patches-applied version 1.0.1e-3ubuntu1.6 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 7a26034a0174ddaaef3a06df43df2eea51692486
Unapplied parent: 5534e75709a6a90a0c99eca5ca06c809a74393e6

New changelog entries:
  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished in ssl/s3_clnt.c.

ubuntu/saucy-devel 2014-06-23 12:08:46 UTC 2014-06-23
Import patches-unapplied version 1.0.1e-3ubuntu1.6 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-06-20 17:56:05 UTC

Import patches-unapplied version 1.0.1e-3ubuntu1.6 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 67e5239b6cf7200a9eff40427302a45b72be9ff9

New changelog entries:
  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished in ssl/s3_clnt.c.

ubuntu/saucy-updates 2014-06-23 12:08:46 UTC 2014-06-23
Import patches-unapplied version 1.0.1e-3ubuntu1.6 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-06-20 17:56:05 UTC

Import patches-unapplied version 1.0.1e-3ubuntu1.6 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 67e5239b6cf7200a9eff40427302a45b72be9ff9

New changelog entries:
  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished in ssl/s3_clnt.c.

applied/ubuntu/quantal-security 2014-05-05 13:58:37 UTC 2014-05-05
Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2014-05-02 19:27:44 UTC

Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 740bfca1489b9ed15d3ec5a901ef2b3a1dd9ad06
Unapplied parent: 6130fceb6f96f165e9daa9e8b27b0151d83c98ce

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

ubuntu/quantal-security 2014-05-05 13:58:37 UTC 2014-05-05
Import patches-unapplied version 1.0.1c-3ubuntu2.8 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-05-02 19:27:44 UTC

Import patches-unapplied version 1.0.1c-3ubuntu2.8 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 2c5d657bd48f56a471c649337acb4209b68d3a02

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

applied/ubuntu/quantal-devel 2014-05-05 13:58:37 UTC 2014-05-05
Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2014-05-02 19:27:44 UTC

Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 740bfca1489b9ed15d3ec5a901ef2b3a1dd9ad06
Unapplied parent: 6130fceb6f96f165e9daa9e8b27b0151d83c98ce

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

ubuntu/quantal-devel 2014-05-05 13:58:37 UTC 2014-05-05
Import patches-unapplied version 1.0.1c-3ubuntu2.8 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-05-02 19:27:44 UTC

Import patches-unapplied version 1.0.1c-3ubuntu2.8 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 2c5d657bd48f56a471c649337acb4209b68d3a02

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

ubuntu/quantal-updates 2014-05-05 13:58:37 UTC 2014-05-05
Import patches-unapplied version 1.0.1c-3ubuntu2.8 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-05-02 19:27:44 UTC

Import patches-unapplied version 1.0.1c-3ubuntu2.8 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 2c5d657bd48f56a471c649337acb4209b68d3a02

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

applied/ubuntu/quantal-updates 2014-05-05 13:58:37 UTC 2014-05-05
Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2014-05-02 19:27:44 UTC

Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 740bfca1489b9ed15d3ec5a901ef2b3a1dd9ad06
Unapplied parent: 6130fceb6f96f165e9daa9e8b27b0151d83c98ce

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

ubuntu/trusty 2014-04-07 21:28:30 UTC 2014-04-07
Import patches-unapplied version 1.0.1f-1ubuntu2 to ubuntu/trusty-proposed

Author: Marc Deslauriers
Author Date: 2014-04-07 19:37:53 UTC

Import patches-unapplied version 1.0.1f-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: b5290b4ebcd2529a215bdd09fca79743de17b591

New changelog entries:
  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

applied/ubuntu/trusty 2014-04-07 21:28:30 UTC 2014-04-07
Import patches-applied version 1.0.1f-1ubuntu2 to applied/ubuntu/trusty-proposed

Author: Marc Deslauriers
Author Date: 2014-04-07 19:37:53 UTC

Import patches-applied version 1.0.1f-1ubuntu2 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: a296fe3f6ee959ff757f7c41921161ce44032aeb
Unapplied parent: fb2e04686bea915cb68dc71bfc9d9bb0ab13d2be

New changelog entries:
  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

applied/ubuntu/trusty-proposed 2014-04-07 21:28:30 UTC 2014-04-07
Import patches-applied version 1.0.1f-1ubuntu2 to applied/ubuntu/trusty-proposed

Author: Marc Deslauriers
Author Date: 2014-04-07 19:37:53 UTC

Import patches-applied version 1.0.1f-1ubuntu2 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: a296fe3f6ee959ff757f7c41921161ce44032aeb
Unapplied parent: fb2e04686bea915cb68dc71bfc9d9bb0ab13d2be

New changelog entries:
  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

ubuntu/trusty-proposed 2014-04-07 21:28:30 UTC 2014-04-07
Import patches-unapplied version 1.0.1f-1ubuntu2 to ubuntu/trusty-proposed

Author: Marc Deslauriers
Author Date: 2014-04-07 19:37:53 UTC

Import patches-unapplied version 1.0.1f-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: b5290b4ebcd2529a215bdd09fca79743de17b591

New changelog entries:
  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

ubuntu/raring-security 2014-01-09 20:43:24 UTC 2014-01-09
Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2014-01-08 19:55:58 UTC

Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: e281fcbaf9216ffe400126fe0dda64c8fd6dfe61

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

applied/ubuntu/raring-updates 2014-01-09 20:43:24 UTC 2014-01-09
Import patches-applied version 1.0.1c-4ubuntu8.2 to applied/ubuntu/raring-sec...

Author: Marc Deslauriers
Author Date: 2014-01-08 19:55:58 UTC

Import patches-applied version 1.0.1c-4ubuntu8.2 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: c1bdbee3326e9628cfc0e4000e16641b993f7f54
Unapplied parent: f14544e20e48c27d67767d7d1b625c11cb491cc0

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

applied/ubuntu/raring-security 2014-01-09 20:43:24 UTC 2014-01-09
Import patches-applied version 1.0.1c-4ubuntu8.2 to applied/ubuntu/raring-sec...

Author: Marc Deslauriers
Author Date: 2014-01-08 19:55:58 UTC

Import patches-applied version 1.0.1c-4ubuntu8.2 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: c1bdbee3326e9628cfc0e4000e16641b993f7f54
Unapplied parent: f14544e20e48c27d67767d7d1b625c11cb491cc0

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

applied/ubuntu/raring-devel 2014-01-09 20:43:24 UTC 2014-01-09
Import patches-applied version 1.0.1c-4ubuntu8.2 to applied/ubuntu/raring-sec...

Author: Marc Deslauriers
Author Date: 2014-01-08 19:55:58 UTC

Import patches-applied version 1.0.1c-4ubuntu8.2 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: c1bdbee3326e9628cfc0e4000e16641b993f7f54
Unapplied parent: f14544e20e48c27d67767d7d1b625c11cb491cc0

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

ubuntu/raring-devel 2014-01-09 20:43:24 UTC 2014-01-09
Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2014-01-08 19:55:58 UTC

Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: e281fcbaf9216ffe400126fe0dda64c8fd6dfe61

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

ubuntu/raring-updates 2014-01-09 20:43:24 UTC 2014-01-09
Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2014-01-08 19:55:58 UTC

Import patches-unapplied version 1.0.1c-4ubuntu8.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: e281fcbaf9216ffe400126fe0dda64c8fd6dfe61

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid TLS handshake
    - debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
      ssl/s3_both.c.
    - CVE-2013-4353
  * SECURITY UPDATE: denial of service via incorrect data structure
    - debian/patches/CVE-2013-6449.patch: check for handshake digests in
      ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
      ssl/s3_lib.c.
    - CVE-2013-6449
  * SECURITY UPDATE: denial of service via DTLS retransmission
    - debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
      crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
      ssl/ssl_locl.h,ssl/t1_enc.c.
    - CVE-2013-6450
  * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
    default unless explicitly requested.

ubuntu/saucy 2013-07-15 12:57:52 UTC 2013-07-15
Import patches-unapplied version 1.0.1e-3ubuntu1 to ubuntu/saucy-proposed

Author: Matthias Klose
Author Date: 2013-07-15 12:07:52 UTC

Import patches-unapplied version 1.0.1e-3ubuntu1 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 8ce1bbd8473d512f65274dbd5fa5b0845fb8127e

New changelog entries:
  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - debian/patches/tls12_workarounds.patch: Work around large client hello
      issues when TLS 1.1 and lower is in use
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
      code.
    - debian/patches/arm64-support: Add basic arm64 support (no assembler)
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
    in test suite since we disable it in the client.
  * Disable compression to avoid CRIME systemwide (CVE-2012-4929).
  * Dropped changes:
    - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

applied/ubuntu/saucy-proposed 2013-07-15 12:57:52 UTC 2013-07-15
Import patches-applied version 1.0.1e-3ubuntu1 to applied/ubuntu/saucy-proposed

Author: Matthias Klose
Author Date: 2013-07-15 12:07:52 UTC

Import patches-applied version 1.0.1e-3ubuntu1 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 69eaa408f2f7d2ab39f2dcd8f6a791581621b078
Unapplied parent: 77e6a559eef0c18800e934435a64a2b004e2da30

New changelog entries:
  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - debian/patches/tls12_workarounds.patch: Work around large client hello
      issues when TLS 1.1 and lower is in use
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
      code.
    - debian/patches/arm64-support: Add basic arm64 support (no assembler)
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
    in test suite since we disable it in the client.
  * Disable compression to avoid CRIME systemwide (CVE-2012-4929).
  * Dropped changes:
    - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

applied/ubuntu/saucy 2013-07-15 12:57:52 UTC 2013-07-15
Import patches-applied version 1.0.1e-3ubuntu1 to applied/ubuntu/saucy-proposed

Author: Matthias Klose
Author Date: 2013-07-15 12:07:52 UTC

Import patches-applied version 1.0.1e-3ubuntu1 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 69eaa408f2f7d2ab39f2dcd8f6a791581621b078
Unapplied parent: 77e6a559eef0c18800e934435a64a2b004e2da30

New changelog entries:
  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - debian/patches/tls12_workarounds.patch: Work around large client hello
      issues when TLS 1.1 and lower is in use
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
      code.
    - debian/patches/arm64-support: Add basic arm64 support (no assembler)
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
    in test suite since we disable it in the client.
  * Disable compression to avoid CRIME systemwide (CVE-2012-4929).
  * Dropped changes:
    - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

ubuntu/saucy-proposed 2013-07-15 12:57:52 UTC 2013-07-15
Import patches-unapplied version 1.0.1e-3ubuntu1 to ubuntu/saucy-proposed

Author: Matthias Klose
Author Date: 2013-07-15 12:07:52 UTC

Import patches-unapplied version 1.0.1e-3ubuntu1 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 8ce1bbd8473d512f65274dbd5fa5b0845fb8127e

New changelog entries:
  * Merge with Debian, remaining changes.
    - debian/libssl1.0.0.postinst:
      + Display a system restart required notification on libssl1.0.0
        upgrade on servers.
      + Use a different priority for libssl1.0.0/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
      libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
      in Debian).
    - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
      rules}: Move runtime libraries to /lib, for the benefit of
      wpasupplicant.
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
      .pc.
    - debian/rules:
      + Don't run 'make test' when cross-building.
      + Use host compiler when cross-building. Patch from Neil Williams.
      + Don't build for processors no longer supported: i586 (on i386)
      + Fix Makefile to properly clean up libs/ dirs in clean target.
      + Replace duplicate files in the doc directory with symlinks.
    - Unapply patch c_rehash-multi and comment it out in the series as it
      breaks parsing of certificates with CRLF line endings and other cases
      (see Debian #642314 for discussion), it also changes the semantics of
      c_rehash directories by requiring applications to parse hash link
      targets as files containing potentially *multiple* certificates rather
      than exactly one.
    - debian/patches/tls12_workarounds.patch: Work around large client hello
      issues when TLS 1.1 and lower is in use
    - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
    - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
      code.
    - debian/patches/arm64-support: Add basic arm64 support (no assembler)
    - debian/rules: Enable optimized 64bit elliptic curve code contributed
      by Google.
  * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
    in test suite since we disable it in the client.
  * Disable compression to avoid CRIME systemwide (CVE-2012-4929).
  * Dropped changes:
    - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.

ubuntu/lucid-proposed 2013-06-10 17:33:27 UTC 2013-06-10
Import patches-unapplied version 0.9.8k-7ubuntu8.15 to ubuntu/lucid-proposed

Author: Seth Arnold
Author Date: 2013-06-04 03:37:34 UTC

Import patches-unapplied version 0.9.8k-7ubuntu8.15 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 589dca1defdb786453e9370c9c5cba678b68aaf5

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

applied/ubuntu/raring-proposed 2013-06-10 17:33:27 UTC 2013-06-10
Import patches-applied version 1.0.1c-4ubuntu8.1 to applied/ubuntu/raring-pro...

Author: Seth Arnold
Author Date: 2013-06-04 01:13:47 UTC

Import patches-applied version 1.0.1c-4ubuntu8.1 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 09c5c535c096dcae490bc936d01e8ec9d16c9e6f
Unapplied parent: bb2bc3e876bb884e75052bc679435b6b0a47c325

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

applied/ubuntu/quantal-proposed 2013-06-10 17:33:27 UTC 2013-06-10
Import patches-applied version 1.0.1c-3ubuntu2.5 to applied/ubuntu/quantal-pr...

Author: Seth Arnold
Author Date: 2013-06-04 01:13:33 UTC

Import patches-applied version 1.0.1c-3ubuntu2.5 to applied/ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 87e0dc01d218c06e971ee640368167ae061b55fd
Unapplied parent: a04723f9fc367a4d5ebb14d4bdb1eb25e7a17b67

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

ubuntu/raring-proposed 2013-06-10 17:33:27 UTC 2013-06-10
Import patches-unapplied version 1.0.1c-4ubuntu8.1 to ubuntu/raring-proposed

Author: Seth Arnold
Author Date: 2013-06-04 01:13:47 UTC

Import patches-unapplied version 1.0.1c-4ubuntu8.1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 9687c13e435979857557c270fc1c7a80bacc005d

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

ubuntu/quantal-proposed 2013-06-10 17:33:27 UTC 2013-06-10
Import patches-unapplied version 1.0.1c-3ubuntu2.5 to ubuntu/quantal-proposed

Author: Seth Arnold
Author Date: 2013-06-04 01:13:33 UTC

Import patches-unapplied version 1.0.1c-3ubuntu2.5 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: f21cab26413aab43712787d8cf49e1996994acc3

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

applied/ubuntu/lucid-proposed 2013-06-10 17:33:27 UTC 2013-06-10
Import patches-applied version 0.9.8k-7ubuntu8.15 to applied/ubuntu/lucid-pro...

Author: Seth Arnold
Author Date: 2013-06-04 03:37:34 UTC

Import patches-applied version 0.9.8k-7ubuntu8.15 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 21fc00425d3cae8c0f108942036066b708d34e05
Unapplied parent: a1f413c474497ce18812739a2bbefa6ec82ab5d4

New changelog entries:
  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

ubuntu/raring 2013-03-19 20:03:26 UTC 2013-03-19
Import patches-unapplied version 1.0.1c-4ubuntu8 to ubuntu/raring-proposed

Author: Marc Deslauriers
Author Date: 2013-03-19 18:33:14 UTC

Import patches-unapplied version 1.0.1c-4ubuntu8 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 67eb48c1aa2ff07ffe475dc075e315833edbcfda

New changelog entries:
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
      commit from upstream to fix regression.
    - CVE-2013-0169

applied/ubuntu/raring 2013-03-19 20:03:26 UTC 2013-03-19
Import patches-applied version 1.0.1c-4ubuntu8 to applied/ubuntu/raring-proposed

Author: Marc Deslauriers
Author Date: 2013-03-19 18:33:14 UTC

Import patches-applied version 1.0.1c-4ubuntu8 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 5699adf2148cf722ce4db7a92e7450049266c550
Unapplied parent: 0a61ed636a1b4e83911eeb3cb73d705660ed6e06

New changelog entries:
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
      commit from upstream to fix regression.
    - CVE-2013-0169

applied/debian/squeeze 2013-02-23 16:22:40 UTC 2013-02-23
Import patches-applied version 0.9.8o-4squeeze14 to applied/debian/squeeze

Author: Kurt Roeckx
Author Date: 2013-02-11 19:41:07 UTC

Import patches-applied version 0.9.8o-4squeeze14 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: bff175c9ff0a55e3d6e2398ea731012d63d3feef
Unapplied parent: 26587511c08a835cf7476915dac5e16c57d55541

New changelog entries:
  * Fix CVE-2013-0166 and CVE-2013-0169

debian/squeeze 2013-02-23 16:22:40 UTC 2013-02-23
Import patches-unapplied version 0.9.8o-4squeeze14 to debian/squeeze

Author: Kurt Roeckx
Author Date: 2013-02-11 19:41:07 UTC

Import patches-unapplied version 0.9.8o-4squeeze14 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 415a44361bfc0a717e1b9b0ac460cff9bd51e0a1

New changelog entries:
  * Fix CVE-2013-0166 and CVE-2013-0169

ubuntu/hardy-security 2013-02-21 13:33:18 UTC 2013-02-21
Import patches-unapplied version 0.9.8g-4ubuntu3.20 to ubuntu/hardy-security

Author: Marc Deslauriers
Author Date: 2013-02-18 20:49:05 UTC

Import patches-unapplied version 0.9.8g-4ubuntu3.20 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 3e02728eac4fd4d74df24cc244bc6d3dfb45a04c

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
    - CVE-2013-0169

ubuntu/oneiric-devel 2013-02-21 13:33:18 UTC 2013-02-21
Import patches-unapplied version 1.0.0e-2ubuntu4.7 to ubuntu/oneiric-security

Author: Marc Deslauriers
Author Date: 2013-02-18 19:55:40 UTC

Import patches-unapplied version 1.0.0e-2ubuntu4.7 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6c9ee61a5f1e66e3bc866ffae7ceb42279e639fb

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169

ubuntu/hardy-updates 2013-02-21 13:33:18 UTC 2013-02-21
Import patches-unapplied version 0.9.8g-4ubuntu3.20 to ubuntu/hardy-security

Author: Marc Deslauriers
Author Date: 2013-02-18 20:49:05 UTC

Import patches-unapplied version 0.9.8g-4ubuntu3.20 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 3e02728eac4fd4d74df24cc244bc6d3dfb45a04c

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
    - CVE-2013-0169

ubuntu/oneiric-updates 2013-02-21 13:33:18 UTC 2013-02-21
Import patches-unapplied version 1.0.0e-2ubuntu4.7 to ubuntu/oneiric-security

Author: Marc Deslauriers
Author Date: 2013-02-18 19:55:40 UTC

Import patches-unapplied version 1.0.0e-2ubuntu4.7 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6c9ee61a5f1e66e3bc866ffae7ceb42279e639fb

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169

ubuntu/oneiric-security 2013-02-21 13:33:18 UTC 2013-02-21
Import patches-unapplied version 1.0.0e-2ubuntu4.7 to ubuntu/oneiric-security

Author: Marc Deslauriers
Author Date: 2013-02-18 19:55:40 UTC

Import patches-unapplied version 1.0.0e-2ubuntu4.7 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6c9ee61a5f1e66e3bc866ffae7ceb42279e639fb

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
      crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169

applied/ubuntu/hardy-devel 2013-02-21 13:33:18 UTC 2013-02-21
Import patches-applied version 0.9.8g-4ubuntu3.20 to applied/ubuntu/hardy-sec...

Author: Marc Deslauriers
Author Date: 2013-02-18 20:49:05 UTC

Import patches-applied version 0.9.8g-4ubuntu3.20 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 75422c17521e6e04ba61dd0c486ab499e9370024
Unapplied parent: 183fff5ef6ed3959a922e75f3626fe04d789677f

New changelog entries:
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
    - CVE-2013-0166
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
    - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
    - CVE-2013-0169


Other repositories

Name Last Modified
lp:ubuntu/+source/openssl 2020-06-28