Last commit made on 2016-09-23
Get this branch:
git clone -b applied/ubuntu/yakkety https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

8cef225... by Marc Deslauriers on 2016-09-23

Import patches-applied version 1.0.2g-1ubuntu9 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 0591e4c10130de4507944c106eea8cc877aa4385
Unapplied parent: 26ea7eab9cbe501d0c850e9585721e903f212f05

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
    - CVE-2016-2177
  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in
      ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
      records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
      in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.
    - CVE-2016-2182
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
      to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
    - CVE-2016-6302
  * SECURITY UPDATE: OOB write in MDC2_Update()
    - debian/patches/CVE-2016-6303.patch: avoid overflow in
    - CVE-2016-6303
  * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
    - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
      handshake in ssl/t1_lib.c.
    - CVE-2016-6304
  * SECURITY UPDATE: Certificate message OOB reads
    - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
    - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
      larger in ssl/d1_both.c, ssl/s3_both.c.
    - CVE-2016-6306

26ea7ea... by Marc Deslauriers on 2016-09-23

[PATCH] Fix overflow check in BN_bn2dec()

Gbp-Pq: CVE-2016-2182-2.patch.

88f9ada... by Marc Deslauriers on 2016-09-23

[PATCH] Make message buffer slightly larger than message.

Gbp-Pq: CVE-2016-6306-2.patch.

7440372... by Marc Deslauriers on 2016-09-23

[PATCH] Fix small OOB reads.

Gbp-Pq: CVE-2016-6306-1.patch.

ef9f863... by Marc Deslauriers on 2016-09-23

[PATCH] Fix OCSP Status Request extension unbounded memory growth

Gbp-Pq: CVE-2016-6304.patch.

92c97d7... by Marc Deslauriers on 2016-09-23

[PATCH] Avoid overflow in MDC2_Update()

Gbp-Pq: CVE-2016-6303.patch.

8580ba5... by Marc Deslauriers on 2016-09-23

[PATCH] Sanity check ticket length.

Gbp-Pq: CVE-2016-6302.patch.

1feb598... by Marc Deslauriers on 2016-09-23

[PATCH] SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM

Gbp-Pq: CVE-2016-2183.patch.

638236c... by Marc Deslauriers on 2016-09-23

[PATCH] Check for errors in BN_bn2dec()

Gbp-Pq: CVE-2016-2182.patch.

16b632a... by Marc Deslauriers on 2016-09-23

[PATCH] Update function error code

Gbp-Pq: CVE-2016-2181-3.patch.