Ubuntu
openssl package

Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-proposed/openssl bug 2 Mature 2013-06-03 20:37:34 UTC
54. * SECURITY UPDATE: Disable compressio...

Author: Seth Arnold
Revision Date: 2013-06-03 20:37:34 UTC

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
lp:ubuntu/lucid-security/openssl bug 2 Mature 2015-03-19 09:57:59 UTC
61. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-03-19 09:57:59 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293
lp:ubuntu/lucid-updates/openssl 2 Mature 2015-03-19 09:57:59 UTC
61. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-03-19 09:57:59 UTC

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293
lp:~nvalcarcel/ubuntu/lucid/openssl/openssl-merge bug(Has a merge proposal) 1 Development 2009-12-07 19:44:29 UTC
39. Move runtime libraries to /lib, for t...

Author: Nicolas Valcarcel
Revision Date: 2009-12-07 19:44:29 UTC

Move runtime libraries to /lib, for the benefit of wpasupplicant
lp:ubuntu/lucid/openssl bug 1 Development 2010-03-30 08:57:51 UTC
43. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-03-30 08:57:51 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via unchecked return values
  - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
    crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c.
  - CVE-2009-3245
* SECURITY UPDATE: denial of service via "record of death"
  - debian/patches/CVE-2010-0740.patch: only send back minor version
    number in ssl/s3_pkt.c.
  - CVE-2010-0740
lp:~ubuntu-branches/ubuntu/lucid/openssl/lucid-proposed-201009271014 (Has a merge proposal) 1 Development 2010-09-27 10:14:37 UTC
46. releasing version 0.9.8k-7ubuntu8.2

Author: Colin Watson
Revision Date: 2010-09-24 11:28:22 UTC

releasing version 0.9.8k-7ubuntu8.2
lp:~verterok/ubuntu/lucid/openssl/1.0.0-backport 1 Development 2011-08-29 16:28:22 UTC
59. rename openssl package to openssl1.0.0

Author: Guillermo Gonzalez
Revision Date: 2011-08-29 16:28:22 UTC

rename openssl package to openssl1.0.0
17 of 7 results FirstPreviousNextLast