ubuntu/+source/openssl:applied/ubuntu/vivid-proposed

Last commit made on 2015-03-19
Get this branch:
git clone -b applied/ubuntu/vivid-proposed https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/vivid-proposed
Repository:
lp:ubuntu/+source/openssl

Recent commits

a70d7a3... by Marc Deslauriers on 2015-03-19

Import patches-applied version 1.0.1f-1ubuntu11 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: b1eaab68b5c561c3491635b73e70de55488bd17a
Unapplied parent: 613d8c53d4ee150f46fbe794fd6f653713773025

New changelog entries:
  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

613d8c5... by Marc Deslauriers on 2015-03-19

[PATCH] Fix unsigned/signed warnings

Gbp-Pq: CVE-2015-0293-2.patch.

89d3d0a... by Marc Deslauriers on 2015-03-19

[PATCH] Fix a failure to NULL a pointer freed on error.

Gbp-Pq: CVE-2015-0209-2.patch.

a1e7681... by Marc Deslauriers on 2015-03-19

CVE-2015-0293.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2015-0293.patch.

c954c9e... by Marc Deslauriers on 2015-03-19

[PATCH] evp: prevent underflow in base64 decoding

Gbp-Pq: CVE-2015-0292.patch.

41a4220... by Marc Deslauriers on 2015-03-19

CVE-2015-0289.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2015-0289.patch.

98a1c89... by Marc Deslauriers on 2015-03-19

[PATCH] Check public key is not NULL.

Gbp-Pq: CVE-2015-0288.patch.

94c010d... by Marc Deslauriers on 2015-03-19

CVE-2015-0287.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2015-0287.patch.

445c42b... by Marc Deslauriers on 2015-03-19

CVE-2015-0286.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2015-0286.patch.

05e0ace... by Marc Deslauriers on 2015-03-19

[PATCH] Fix a failure to NULL a pointer freed on error.

Gbp-Pq: CVE-2015-0209.patch.