ubuntu/+source/openssl:applied/ubuntu/artful-security

Last commit made on 2018-06-26
Get this branch:
git clone -b applied/ubuntu/artful-security https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/artful-security
Repository:
lp:ubuntu/+source/openssl

Recent commits

e378412... by Marc Deslauriers on 2018-06-20

Import patches-applied version 1.0.2g-1ubuntu13.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 90f108af4cf2dd0d51f65b8d99091341ba518507
Unapplied parent: f2e01974a0e4c0e2de8d333d329bfbcb29d1a477

New changelog entries:
  * SECURITY UPDATE: ECDSA key extraction side channel
    - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
      signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: denial of service via long prime values
    - debian/patches/CVE-2018-0732.patch: reject excessively large primes
      in DH key generation in crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: RSA cache timing side channel attack
    (previous update was incomplete)
    - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
      BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
      crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

f2e0197... by Marc Deslauriers on 2018-06-20

[PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont

Gbp-Pq: CVE-2018-0737-4.patch.

5f382b6... by Marc Deslauriers on 2018-06-20

[PATCH] consttime flag changed

Gbp-Pq: CVE-2018-0737-3.patch.

d8db21f... by Marc Deslauriers on 2018-06-20

[PATCH] used ERR set/pop mark

Gbp-Pq: CVE-2018-0737-2.patch.

e21de08... by Marc Deslauriers on 2018-06-20

[PATCH] Replaced variable-time GCD with consttime inversion to avoid

Gbp-Pq: CVE-2018-0737-1.patch.

13cfe45... by Marc Deslauriers on 2018-06-20

[PATCH] Reject excessively large primes in DH key generation.

Gbp-Pq: CVE-2018-0732.patch.

0119034... by Marc Deslauriers on 2018-06-20

[PATCH] Add blinding to an ECDSA signature

Gbp-Pq: CVE-2018-0495.patch.

60fb69c... by Marc Deslauriers on 2018-06-20

[PATCH] Limit ASN.1 constructed types recursive definition depth

Gbp-Pq: CVE-2018-0739.patch.

2b1db77... by Marc Deslauriers on 2018-06-20

[PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in

Gbp-Pq: CVE-2017-3738.patch.

90f023b... by Marc Deslauriers on 2018-06-20

[PATCH] Add a test for CVE-2017-3737

Gbp-Pq: CVE-2017-3737-2.patch.