Created by James Westby on 2010-09-21 and last modified on 2015-03-19
Get this branch:
bzr branch lp:ubuntu/lucid-security/openssl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

61. By Marc Deslauriers on 2015-03-19

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
  - CVE-2015-0293

60. By Marc Deslauriers on 2015-01-09

* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
    crypto/x509/x_all.c, util/libeay.num.
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
  - CVE-2015-0204

59. By Marc Deslauriers on 2014-10-15

* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
    ssl/ssl_locl.h, doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

58. By Marc Deslauriers on 2014-08-18

* SECURITY UPDATE: Properly fix stateless session support (LP: #1356843)
  - fixes regression introduced with fix_renegotiation.patch.
  - debian/patches/fix_stateless_session.patch: added two commits from
    git to properly handle stateless sessions in ssl/s3_srvr.c,
    ssl/ssl_asn1.c, ssl/t1_lib.c.

57. By Marc Deslauriers on 2014-08-07

* SECURITY UPDATE: double free when processing DTLS packets
  - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
  - CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
  - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
    checks in ssl/d1_both.c.
  - CVE-2014-3506
* SECURITY UPDATE: information leak in pretty printing functions
  - debian/patches/CVE-2014-3508.patch: fix OID handling in
    crypto/asn1/a_object.c, crypto/objects/obj_dat.c, crypto/asn1/asn1.h,
  - CVE-2014-3508
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
  - debian/patches/CVE-2014-3510.patch: check for server certs in
    ssl/d1_clnt.c, ssl/s3_clnt.c.
  - CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
  - debian/patches/CVE-2014-3511.patch: properly handle fragments in
  - CVE-2014-3511

56. By Marc Deslauriers on 2014-06-20

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

55. By Marc Deslauriers on 2014-06-04

* SECURITY UPDATE: MITM via change cipher spec
  - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
    when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
  - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
    secrets in ssl/s3_pkt.c.
  - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
  - debian/patches/fix_renegotiation.patch: add upstream commit to fix
    renegotiation in ssl/s3_clnt.c, ssl/t1_lib.c.
  - CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
  - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
    recursion in ssl/d1_both.c.
  - CVE-2014-0221

54. By Seth Arnold on 2013-06-03

* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

53. By Marc Deslauriers on 2013-02-18

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

52. By Steve Beattie on 2012-05-22

* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.