Ubuntu

Bazaar branches of openssl in Ubuntu Jaunty

Name Status Last Modified Last Commit
lp:ubuntu/jaunty/openssl 2 Mature 2009-12-02 16:48:01 UTC 2009-12-02
30. * SECURITY UPDATE: crash via invalid ...

Author: Jamie Strandboge
Revision Date: 2009-03-27 08:23:35 UTC

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

lp:ubuntu/jaunty-proposed/openssl bug 2 Mature 2010-08-18 22:43:05 UTC 2010-08-18
34. * SECURITY UPDATE: TLS renegotiation ...

Author: Marc Deslauriers
Revision Date: 2010-08-12 08:34:41 UTC

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
    ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
    tls1}.h: backport rfc5746 support from openssl 0.9.8m.
  - CVE-2009-3555

lp:ubuntu/jaunty-security/openssl 2 Mature 2010-10-06 17:50:37 UTC 2010-10-06
35. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-10-06 17:50:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
  - CVE-2010-2939

lp:ubuntu/jaunty-updates/openssl bug 2 Mature 2010-10-07 22:40:41 UTC 2010-10-07
35. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-10-06 17:50:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
  - CVE-2010-2939

14 of 4 results