: Code : openssl098 package : Ubuntu

Ubuntu
openssl098 package

Name	Status	Last Modified	Last Commit
lp:ubuntu/wily/openssl098	1 Development	2015-05-07 12:46:10 UTC 2015-05-07	7. [ Louis Bouchard ] * Bring up to date... Author: Marc Deslauriers Revision Date: 2014-07-02 09:16:49 UTC [ Louis Bouchard ] * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages. - CVE-2012-0884 [ Marc Deslauriers ] * debian/patches/rehash_pod.patch: updated to fix FTBFS. * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.
lp:ubuntu/vivid/openssl098	2 Mature	2014-10-24 19:54:16 UTC 2014-10-24	7. [ Louis Bouchard ] * Bring up to date... Author: Marc Deslauriers Revision Date: 2014-07-02 09:16:49 UTC [ Louis Bouchard ] * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages. - CVE-2012-0884 [ Marc Deslauriers ] * debian/patches/rehash_pod.patch: updated to fix FTBFS. * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.
lp:ubuntu/trusty-updates/openssl098	2 Mature	2014-07-02 15:33:29 UTC 2014-07-02	7. [ Louis Bouchard ] * Bring up to date... Author: Marc Deslauriers Revision Date: 2014-07-02 09:13:28 UTC [ Louis Bouchard ] * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages. - CVE-2012-0884 [ Marc Deslauriers ] * debian/patches/rehash_pod.patch: updated to fix FTBFS. * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.
lp:ubuntu/saucy-updates/openssl098	2 Mature	2014-07-02 15:33:21 UTC 2014-07-02	7. * SECURITY UPDATE: regression with ce... Author: Louis Bouchard Revision Date: 2014-06-18 12:22:48 UTC * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643) - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - CVE-2012-0884 * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto - errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages.
lp:ubuntu/trusty-security/openssl098	2 Mature	2014-07-02 15:18:08 UTC 2014-07-02	7. [ Louis Bouchard ] * Bring up to date... Author: Marc Deslauriers Revision Date: 2014-07-02 09:13:28 UTC [ Louis Bouchard ] * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages. - CVE-2012-0884 [ Marc Deslauriers ] * debian/patches/rehash_pod.patch: updated to fix FTBFS. * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.
lp:ubuntu/saucy-security/openssl098	2 Mature	2014-07-02 15:17:58 UTC 2014-07-02	7. * SECURITY UPDATE: regression with ce... Author: Louis Bouchard Revision Date: 2014-06-18 12:22:48 UTC * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643) - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - CVE-2012-0884 * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto - errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages.
lp:ubuntu/utopic-proposed/openssl098	2 Mature	2014-07-02 14:25:17 UTC 2014-07-02	7. [ Louis Bouchard ] * Bring up to date... Author: Marc Deslauriers Revision Date: 2014-07-02 09:16:49 UTC [ Louis Bouchard ] * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages. - CVE-2012-0884 [ Marc Deslauriers ] * debian/patches/rehash_pod.patch: updated to fix FTBFS. * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.
lp:ubuntu/precise-security/openssl098	1 Development	2014-07-02 12:48:41 UTC 2014-07-02	7. * SECURITY UPDATE: regression with ce... Author: Louis Bouchard Revision Date: 2014-06-18 12:22:48 UTC * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643) - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - CVE-2012-0884 * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto - errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages.
lp:ubuntu/utopic/openssl098	1 Development	2014-07-02 09:16:49 UTC 2014-07-02	7. [ Louis Bouchard ] * Bring up to date... Author: Marc Deslauriers Revision Date: 2014-07-02 09:16:49 UTC [ Louis Bouchard ] * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages. - CVE-2012-0884 [ Marc Deslauriers ] * debian/patches/rehash_pod.patch: updated to fix FTBFS. * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.
lp:ubuntu/precise-updates/openssl098	2 Mature	2014-06-18 12:22:48 UTC 2014-06-18	7. * SECURITY UPDATE: regression with ce... Author: Louis Bouchard Revision Date: 2014-06-18 12:22:48 UTC * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643) - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452) * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: denial of service attack in DTLS implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7 - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information - CVE-2012-0884 * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto - errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages.
lp:ubuntu/trusty/openssl098	2 Mature	2013-10-20 14:23:31 UTC 2013-10-20	6. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:06:47 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/saucy/openssl098	2 Mature	2013-04-26 08:47:54 UTC 2013-04-26	6. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:06:47 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/quantal-updates/openssl098	2 Mature	2012-11-07 12:45:32 UTC 2012-11-07	6. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:06:47 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/quantal-security/openssl098	2 Mature	2012-11-07 12:45:26 UTC 2012-11-07	6. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:06:47 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/raring-proposed/openssl098	2 Mature	2012-11-07 00:25:03 UTC 2012-11-07	6. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:06:47 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/raring/openssl098	1 Development	2012-10-19 09:59:08 UTC 2012-10-19	6. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:06:47 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/quantal/openssl098	2 Mature	2012-04-26 20:35:17 UTC 2012-04-26	5. Convert to multiarch. Author: Evan Broder Revision Date: 2011-12-10 03:24:19 UTC Convert to multiarch.
lp:ubuntu/oneiric-updates/openssl098	2 Mature	2012-04-24 22:05:31 UTC 2012-04-24	5. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:00:29 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/oneiric-security/openssl098	2 Mature	2012-04-24 21:39:27 UTC 2012-04-24	5. * Bring up to date with latest securi... Author: Jamie Strandboge Revision Date: 2012-04-24 10:00:29 UTC * Bring up to date with latest security patches from Ubuntu 11.04: * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken headers - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp() and mime_param_cmp() to not dereference the compared strings if either is NULL - CVE-2006-7250 - CVE-2012-1165 * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 * SECURITY UPDATE: incomplete fix for CVE-2012-2110 - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow and BUF_MEM_grow_clean is non-negative - CVE-2012-2131 * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean()
lp:ubuntu/precise/openssl098	2 Mature	2011-12-10 03:24:19 UTC 2011-12-10	5. Convert to multiarch. Author: Evan Broder Revision Date: 2011-12-10 03:24:19 UTC Convert to multiarch.
lp:ubuntu/oneiric/openssl098	2 Mature	2011-09-05 19:12:59 UTC 2011-09-05	4. * Add openssl098 compatibility packag... Author: Colin Watson Revision Date: 2011-09-05 13:35:52 UTC * Add openssl098 compatibility package from Debian, reapplying the corresponding Ubuntu changes to openssl: - debian/libssl0.9.8.postinst: Use a different priority for libssl0.9.8/restart-services depending on whether a desktop or server dist-upgrade is being performed. - debian/{libcrypto0.9.8-udeb.dirs, libssl0.9.8.dirs, libssl0.9.8.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/patches/no-sslv2.patch: Disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Closes: #589706) - debian/rules: + Disable SSLv2 during compile. (Closes: #589706) + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. (Closes: #465248) + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. (Closes: #611667) * Dropped changes no longer required in this compatibility package: - Display a system-restart-required notification on libssl0.9.8 upgrade. (libssl1.0.0 will take care of this from now on.) - Create libssl0.9.8-udeb. - Move documentation to openssl-doc. - Replace duplicate files in the doc directory with symlinks.

Ubuntuopenssl098 package

Ubuntu
openssl098 package