Debian
openssl package

lp:debian/lenny/openssl

Created by James Westby on 2009-12-02 and last modified on 2012-01-18

Members of Ubuntu branches can upload to this branch. Log in for directions.

23. By Kurt Roeckx on 2012-01-18: Fix CVE-2012-0050.
22. By Raphael Geissert on 2011-09-23: * Non-maintainer upload by the Security Team.
* Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
21. By Kurt Roeckx on 2010-12-05: * Apply TLS version tolerance patch. Upstream cvs commit 19073.
* Fix CVE-2010-4180 (Closes: #529221)
20. By Kurt Roeckx on 2010-11-15: Fix TLS extension parsing race condition (CVE-2010-3864)
19. By Kurt Roeckx on 2010-08-26: Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
18. By Kurt Roeckx on 2010-06-07: Check return type of bn_wexpand(). Fixes CVE-2009-3245
(Closes: #575433)
17. By Kurt Roeckx on 2010-01-10: Clean up zlib state so that it will be reinitialized on next use and
not cause a memory leak. (CVE-2009-4355)
16. By Kurt Roeckx on 2009-06-08: * Fix DoS via a DTLS ChangeCipherSpec packet that occurs before ClientHello
(CVE-2009-1386)
* Fix DoS via an out-of-sequence DTLS handshake message (CVE-2009-1387)
15. By Kurt Roeckx on 2009-04-01: Properly validate the length of an encoded BMPString and UniversalString
(CVE-2009-0590)
14. By Kurt Roeckx on 2009-01-05: * Internal calls to didn't properly check for errors which
  resulted in malformed DSA and ECDSA signatures being treated as
  a good signature rather than as an error. (CVE-2008-5077)
* ipv6_from_asc() could write 1 byte longer than the buffer in case
  the ipv6 address didn't have "::" part. (Closes: #506111)

This branch contains Public information

Everyone can see this information.