ubuntu/+source/openssl:applied/ubuntu/utopic-devel

Last commit made on 2015-06-11
Get this branch:
git clone -b applied/ubuntu/utopic-devel https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/utopic-devel
Repository:
lp:ubuntu/+source/openssl

Recent commits

1fd98f3... by Marc Deslauriers on 2015-06-11

Import patches-applied version 1.0.1f-1ubuntu9.8 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 2e7f7d28181e7c911d3136fc2c80fd3a496fbbf6
Unapplied parent: d399662511c1f52fa1a012cd29f7605283fd6ce5

New changelog entries:
  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

d399662... by Marc Deslauriers on 2015-06-11

[PATCH] More ssl_session_dup fixes

Gbp-Pq: CVE-2015-1791-3.patch.

b78e5b7... by Marc Deslauriers on 2015-06-11

[PATCH] Fix Kerberos issue in ssl_session_dup

Gbp-Pq: CVE-2015-1791-2.patch.

c2838ff... by Marc Deslauriers on 2015-06-11

fix CMS verify infinite loop with unknown hash function

Gbp-Pq: CVE-2015-1792.patch.

5c92393... by Marc Deslauriers on 2015-06-11

fix denial of service via missing EnvelopedContent

Gbp-Pq: CVE-2015-1790.patch.

ea50bea... by Marc Deslauriers on 2015-06-11

fix denial of service via out-of-bounds read in X509_cmp_time

Gbp-Pq: CVE-2015-1789.patch.

488a8d2... by Marc Deslauriers on 2015-06-11

fix denial of service via malformed ECParameters

Gbp-Pq: CVE-2015-1788.patch.

5eccf69... by Marc Deslauriers on 2015-06-11

[PATCH] Fix race condition in NewSessionTicket

Gbp-Pq: CVE-2015-1791.patch.

61884f1... by Marc Deslauriers on 2015-06-11

[PATCH] Free up s->d1->buffered_app_data.q properly.

Gbp-Pq: CVE-2014-8176.patch.

960d383... by Marc Deslauriers on 2015-06-11

reject dh keys smaller than 768 bits

Gbp-Pq: reject_small_dh.patch.