Ubuntu

Bazaar branches of openssl in Ubuntu Edgy

Name Status Last Modified Last Commit
lp:ubuntu/edgy/openssl 1 Development 2009-12-02 16:43:17 UTC 2009-12-02
9. * SECURITY UPDATE: Remote arbitrary c...

Author: Martin Pitt
Revision Date: 2006-09-27 12:16:12 UTC

* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
  an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
  handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
  avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
  process. Apply patch from Bodo Moeller to impose limits to public key type
  values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
  regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
  were determined to not be necessary).

lp:ubuntu/edgy-security/openssl bug 1 Development 2009-12-02 16:45:36 UTC 2009-12-02
11. * SECURITY UPDATE: DTLS implementatio...

Author: Kees Cook
Revision Date: 2007-10-19 09:59:38 UTC

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

lp:ubuntu/edgy-updates/openssl 1 Development 2009-12-02 16:43:44 UTC 2009-12-02
11. * SECURITY UPDATE: DTLS implementatio...

Author: Kees Cook
Revision Date: 2007-10-19 09:59:38 UTC

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

13 of 3 results