ubuntu/+source/openssl:applied/ubuntu/intrepid-updates

Last commit made on 2010-01-14
Get this branch:
git clone -b applied/ubuntu/intrepid-updates https://git.launchpad.net/ubuntu/+source/openssl

Branch information

Name:
applied/ubuntu/intrepid-updates
Repository:
lp:ubuntu/+source/openssl

Recent commits

f3fb9e2... by Kees Cook on 2010-01-13

Import patches-applied version 0.9.8g-10.1ubuntu2.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: ce34012cc150501fdc9b926c5fadcdad9385e76c
Unapplied parent: 3962b2f78d25d8da76f8584e221604b8d0b7c5b3

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

3962b2f... by Kees Cook on 2010-01-13

Import patches-unapplied version 0.9.8g-10.1ubuntu2.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 062a9ddd99cd8154fff7d79c0916ea8f505c07d8

New changelog entries:
  * SECURITY UPDATE: memory leak possible during state clean-up.
    - crypto/comp/c_zlib.c: upstream fixes applied inline.
    - CVE-2009-4355

ce34012... by Marc Deslauriers on 2009-09-08

Import patches-applied version 0.9.8g-10.1ubuntu2.5 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: ea33ff544fbb273d8fd3adf71eff00abbef24923
Unapplied parent: 062a9ddd99cd8154fff7d79c0916ea8f505c07d8

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self-signed
      certificates.
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

062a9dd... by Marc Deslauriers on 2009-09-08

Import patches-unapplied version 0.9.8g-10.1ubuntu2.5 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 7a605fa9938ec74184265c6e68233a050e597fd0

New changelog entries:
  * SECURITY UPDATE: certificate spoofing via hash collisions from MD2
    design flaws.
    - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
    - crypto/x509/x509_vfy.c: skip signature check for self-signed
      certificates.
    - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
    - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
    - CVE-2009-2409

ea33ff5... by Marc Deslauriers on 2009-06-11

Import patches-applied version 0.9.8g-10.1ubuntu2.4 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 821232c19e0936552864a5782fc6f26f016969df
Unapplied parent: 7a605fa9938ec74184265c6e68233a050e597fd0

New changelog entries:
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

7a605fa... by Marc Deslauriers on 2009-06-11

Import patches-unapplied version 0.9.8g-10.1ubuntu2.4 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 2ded223721b04ec953fc8b4af176fcffecfbbf5a

New changelog entries:
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

821232c... by Jamie Strandboge on 2009-03-26

Import patches-applied version 0.9.8g-10.1ubuntu2.2 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a49bf581e4a9cbb78eced12d2a7be33e82b0b55b
Unapplied parent: 2ded223721b04ec953fc8b4af176fcffecfbbf5a

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

2ded223... by Jamie Strandboge on 2009-03-26

Import patches-unapplied version 0.9.8g-10.1ubuntu2.2 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: b3ac2b66cd894601ab23372169d7ab786a75ffc8

New changelog entries:
  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

a49bf58... by Jamie Strandboge on 2009-01-06

Import patches-applied version 0.9.8g-10.1ubuntu2.1 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 54771f39dbeb0da9e1eaed98c8ab4d9a55bbb63d
Unapplied parent: b3ac2b66cd894601ab23372169d7ab786a75ffc8

New changelog entries:
  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

b3ac2b6... by Jamie Strandboge on 2009-01-06

Import patches-unapplied version 0.9.8g-10.1ubuntu2.1 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f17aa4854fc1de3bbc4eb834ca31ffa24470bfd0

New changelog entries:
  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077