lp:ubuntu/hardy-security/openssl
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/openssl
Recent revisions
- 37. By Marc Deslauriers
* SECURITY UPDATE: denial of service via invalid OCSP key
- http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- CVE-2013-0169
- 36. By Steve Beattie
* SECURITY UPDATE: denial of service attack in DTLS implementation
- ssl/d1_enc.c: guard for integer overflow before skipping
explicit IV
- http://cvs.openssl.org/chngview?cn=22558
- CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS
- crypto/pkcs7/pk7_doit.c: use a random key if RSA decryption
fails to avoid leaking timing information
- http://cvs.openssl.org/chngview?cn=22238
- CVE-2012-0884
* crypto/pkcs7/pk7_smime.c: detect symmetric crypto errors in
PKCS7_decrypt
- http://cvs.openssl.org/chngview?cn=22161
- 35. By Jamie Strandboge
* SECURITY UPDATE: incomplete fix for CVE-2012-2110
- crypto/buffer/buffer.c: also verify 'len' in BUF_MEM_grow and
BUF_MEM_grow_clean is non-negative
- http://cvs.openssl.org/chngview?cn=22479
- CVE-2012-2131
* crypto/buffer/buffer.c: Use correct error code in BUF_MEM_grow_clean()
- http://cvs.openssl.org/chngview?cn=22476
- 34. By Jamie Strandboge
* SECURITY UPDATE: fix various overflows
- adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify
size of lengths
- http://cvs.openssl.org/chngview?cn=22439
- CVE-2012-2110
- 33. By Steve Beattie
* SECURITY UPDATE: ECDSA private key timing attack
- crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
- http://cvs.openssl.org/chngview?cn=20892
- CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
- ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
safety
- http://cvs.openssl.org/chngview?cn=21334
- CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
- ssl/d1_pkt.c: perform all computations before discarding messages
- http://cvs.openssl.org/chngview?cn=21942
- http://cvs.openssl.org/chngview?cn=19574
- CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
- crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
domain policy in one location
- http://cvs.openssl.org/chngview?cn=21941
- CVE-2011-4019
* SECURITY UPDATE: incorrect elliptic curve computation TLS key
exposure
- crypto/bn/bn_nist.c: perform elliptic curve computations
correctly
- update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
- CVE-2011-4354
* SECURITY UPDATE: SSL 3.0 block padding exposure
- ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
records.
- http://cvs.openssl.org/chngview?cn=21940
- CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
- crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
from triggering an assertion failure
- http://cvs.openssl.org/chngview?cn=21937
- CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
- ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
one SGC handshake restart for SSL/TLS.
- CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
- ssl/d1_pkt.c: improve handling of DTLS MAC
- http://cvs.openssl.org/chngview?cn=22032
- CVE-2012-0050
* crypto/ecdsa/ecdsatest.c: fix ECDSA tests
- http://cvs.openssl.org/chngview?cn=21777
- http://cvs.openssl.org/chngview?cn=21995
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
servers by testing that the X server is not running (LP: #244250)
- 32. By Steve Beattie
* SECURITY UPDATE: ciphersuite downgrade vulnerability
- ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
cipher suite bug
- http://openssl.org/news/secadv_20101202.txt
- CVE-2010-4180
- 31. By Steve Beattie
* SECURITY UPDATE: TLS race condition leading to a buffer overflow and
possible code execution. (LP: #676243)
- ssl/t1_lib.c: stricter NULL/not-NULL checking
- http://openssl.org/news/secadv_20101116.txt
- CVE-2010-3864
- 30. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible code execution via
unchecked bn_wexpand return values. (LP: #655884)
- crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
engines/e_ubsec.c: check return values.
- http://cvs.openssl.org/chngview?cn=18936
- http://cvs.openssl.org/chngview?cn=19309
- CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
crafted private key with an invalid prime.
- ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
- http://<email address hidden>/msg28049.html
- CVE-2010-2939
- 29. By Marc Deslauriers
* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
- apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err,
ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl,
tls1}.h: backport rfc5746 support from openssl 0.9.8m.
- CVE-2009-3555
* Enable tlsext, and backport some patches from jaunty now that tlsext is
enabled.
- Fix a problem with tlsext preventing firefox 3 from connecting.
- Don't add extensions to ssl v3 connections. It breaks with some
other software.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/openssl