ubuntu/+source/openssl:applied/ubuntu/quantal-security

Last commit made on 2014-05-05
Get this branch:
git clone -b applied/ubuntu/quantal-security https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/quantal-security
Repository:
lp:ubuntu/+source/openssl

Recent commits

9fb0c89... by Marc Deslauriers on 2014-05-02

Import patches-applied version 1.0.1c-3ubuntu2.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 740bfca1489b9ed15d3ec5a901ef2b3a1dd9ad06
Unapplied parent: 6130fceb6f96f165e9daa9e8b27b0151d83c98ce

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

6130fce... by Marc Deslauriers on 2014-05-02

fix denial of service via null pointer dereference

Gbp-Pq: CVE-2014-0198.patch.

9c39aba... by Marc Deslauriers on 2014-05-02

fix denial of service via use after free

Gbp-Pq: CVE-2010-5298.patch.

cfc1fd7... by Marc Deslauriers on 2014-05-02

fix memory disclosure in TLS heartbeat extension

Gbp-Pq: CVE-2014-0160.patch.

c9863a7... by Marc Deslauriers on 2014-05-02

fix side-channel attack on Montgomery ladder implementation

Gbp-Pq: CVE-2014-0076.patch.

c6437bc... by Marc Deslauriers on 2014-05-02

[PATCH] Don't use rdrand engine as default unless explicitly

Gbp-Pq: no_default_rdrand.patch.

2496ce4... by Marc Deslauriers on 2014-05-02

fix denial of service via DTLS retransmission

Gbp-Pq: CVE-2013-6450.patch.

ae9e21d... by Marc Deslauriers on 2014-05-02

fix denial of service via incorrect data structure

Gbp-Pq: CVE-2013-6449.patch.

0a5a701... by Marc Deslauriers on 2014-05-02

[PATCH] Fix for TLS record tampering bug CVE-2013-4353

Gbp-Pq: CVE-2013-4353.patch.

913fd5a... by Marc Deslauriers on 2014-05-02

Only enable zlib if OPENSSL_DEFAULT_ZLIB is defined in the

Gbp-Pq: openssl-1.0.1e-env-zlib.patch.