lp:ubuntu/gutsy-security/openssl

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/openssl

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

21. By Jamie Strandboge

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

20. By Jamie Strandboge

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates
  - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
    ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
    ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
  - patch based on upstream patch for #2008-016
  - CVE-2008-5077

19. By Kees Cook

* SECURITY UPDATE: PRNG seeding was not fully operational.
* crypto/rand/md_rand.c: restore upstream code.

18. By Kees Cook

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

17. By Matthias Klose

Replace duplicate files in the doc directory with symlinks.

16. By Kees Cook

[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
  buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
  Stephan Hermann
* References:
  CVE-2007-5135
  http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
  Fixes LP: #146269
* Modify Maintainer value to match the DebianMaintainerField
  specification.

[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
  CVE-2007-3108

15. By Matthias Klose

* Configure: Add support for lpia.
* Explicitly build using gcc-4.1 (PR other/31359).

14. By Kurt Roeckx

[ Christian Perrier ]
* Debconf templates proofread and slightly rewritten by
  the debian-l10n-english team as part of the Smith Review Project.
  Closes: #418584
* Debconf templates translations:
  - Arabic. Closes: #418669
  - Russian. Closes: #418670
  - Galician. Closes: #418671
  - Swedish. Closes: #418679
  - Korean. Closes: #418755
  - Czech. Closes: #418768
  - Basque. Closes: #418784
  - German. Closes: #418785
  - Traditional Chinese. Closes: #419915
  - Brazilian Portuguese. Closes: #419959
  - French. Closes: #420429
  - Italian. Closes: #420461
  - Japanese. Closes: #420482
  - Catalan. Closes: #420833
  - Dutch. Closes: #420925
  - Malayalam. Closes: #420986
  - Portuguese. Closes: #421032
  - Romanian. Closes: #421708

[ Kurt Roeckx ]
* Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
* Updated Spanish debconf template. (Closes: #421336)
* Do the header changes, changing those defines into real functions,
  and bump the shlibs to match.
* Update Japanese debconf translation. (Closes: #422270)

13. By Kurt Roeckx

openssl should depend on libssl0.9.8 0.9.8e-1 since it
uses some of the defines that changed to functions.
Other things built against libssl or libcrypto shouldn't
have this problem since they use the old headers.
(Closes: #414283)

12. By Matthias Klose

Rebuild for changes in the amd64 toolchain.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/openssl