ubuntu/+source/openssl:applied/ubuntu/maverick-updates

Last commit made on 2012-02-09
Get this branch:
git clone -b applied/ubuntu/maverick-updates https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/maverick-updates
Repository:
lp:ubuntu/+source/openssl

Recent commits

7b9bf57... by Steve Beattie on 2012-01-31

Import patches-applied version 0.9.8o-1ubuntu4.6 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 44937e3dd6c99b82be10ffcd22c077795bc2b84c
Unapplied parent: 6969796e75b13aa3ca868f1abcbbfdb0b2abc0b8

New changelog entries:
  * SECURITY UPDATE: ECDSA private key timing attack
    - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
      length
    - CVE-2011-1945
  * SECURITY UPDATE: ECDH ciphersuite denial of service
    - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
      safety
    - CVE-2011-3210
  * SECURITY UPDATE: DTLS plaintext recovery attack
    - debian/patches/CVE-2011-4108.patch: perform all computations
      before discarding messages
    - CVE-2011-4108
  * SECURITY UPDATE: policy check double free vulnerability
    - debian/patches/CVE-2011-4019.patch: only free domain policyin
      one location
    - CVE-2011-4019
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - debian/patches/CVE-2011-4576.patch: clear bytes used for block
      padding of SSL 3.0 records.
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
      data from triggering an assertion failure
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
      restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
    - CVE-2012-0050
  * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
    servers by testing that the X server is not running (LP: #244250)

6969796... by Steve Beattie on 2012-01-31

fix ecdsa tests

Gbp-Pq: openssl-fix_ECDSA_tests.patch.

c3aa75d... by Steve Beattie on 2012-01-31

Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.

Gbp-Pq: CVE-2012-0050.patch.

416b869... by Steve Beattie on 2012-01-31

Only allow one SGC handshake restart for SSL/TLS.

Gbp-Pq: CVE-2011-4619.patch.

7c7a658... by Steve Beattie on 2012-01-31

Prevent malformed RFC3779 data triggering an assertion failure

Gbp-Pq: CVE-2011-4577.patch.

7802860... by Steve Beattie on 2012-01-31

Clear bytes used for block padding of SSL 3.0 records.

Gbp-Pq: CVE-2011-4576.patch.

c74902f... by Steve Beattie on 2012-01-31

Fix double free in policy check code (CVE-2011-4109)

Gbp-Pq: CVE-2011-4109.patch.

217420d... by Steve Beattie on 2012-01-31

Fix for DTLS plaintext recovery attack

Gbp-Pq: CVE-2011-4108.patch.

48a9e18... by Steve Beattie on 2012-01-31

(EC)DH memory handling fixes.

Gbp-Pq: CVE-2011-3210.patch.

005af68... by Steve Beattie on 2012-01-31

Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes

Gbp-Pq: CVE-2011-1945.patch.