Change log for openssl package in Ubuntu
451 → 479 of 479 results
openssl (0.9.8a-7ubuntu0.4) dapper-security; urgency=low
  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References CVE-2007-3108
 -- Kees Cook <email address hidden>  Fri, 28 Sep 2007 13:10:15 -0700
Superseded in gutsy-release
openssl (0.9.8e-5ubuntu2) gutsy; urgency=low
  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField specification.
  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References CVE-2007-3108
 -- Kees Cook <email address hidden>  Fri, 28 Sep 2007 13:02:19 -0700
Superseded in gutsy-release
openssl (0.9.8e-5ubuntu1) gutsy; urgency=low
  * Configure: Add support for lpia.
  * Explicitly build using gcc-4.1 (PR other/31359).
 -- Matthias Klose <email address hidden>  Tue, 31 Jul 2007 12:47:38 +0000
openssl (0.9.8e-5) unstable; urgency=low
  [ Christian Perrier ]
  * Debconf templates proofread and slightly rewritten by the debian-l10n-english team as part of the Smith Review Project. Closes: #418584
  * Debconf templates translations:
    - Arabic. Closes: #418669
    - Russian. Closes: #418670
    - Galician. Closes: #418671
    - Swedish. Closes: #418679
    - Korean. Closes: #418755
    - Czech. Closes: #418768
    - Basque. Closes: #418784
    - German. Closes: #418785
    - Traditional Chinese. Closes: #419915
    - Brazilian Portuguese. Closes: #419959
    - French. Closes: #420429
    - Italian. Closes: #420461
    - Japanese. Closes: #420482
    - Catalan. Closes: #420833
    - Dutch. Closes: #420925
    - Malayalam. Closes: #420986
    - Portuguese. Closes: #421032
    - Romanian. Closes: #421708
  [ Kurt Roeckx ]
  * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
  * Updated Spanish debconf template. (Closes: #421336)
  * Do the header changes, changing those defines into real functions, and bump the shlibs to match.
  * Update Japanese debconf translation. (Closes: #422270)
 -- Ubuntu Archive Auto-Sync <email address hidden>  Wed, 16 May 2007 07:55:35 +0100
openssl (0.9.8e-4) unstable; urgency=low
  * openssl should depend on libssl0.9.8 0.9.8e-1 since it uses some of the defines that changed to functions. Other things built against libssl or libcrypto shouldn't have this problem since they use the old headers. (Closes: #414283)
openssl (0.9.8c-4build1) feisty; urgency=low
  * Rebuild for changes in the amd64 toolchain.
 -- Matthias Klose <email address hidden>  Mon, 5 Mar 2007 01:24:00 +0000
openssl (0.9.8c-4) unstable; urgency=low
  * Add German debconf translation. Thanks to Johannes Starosta <email address hidden> (Closes: #388108)
  * Make c_rehash look for both .pem and .crt files. Also make it support files in DER format. Patch by "Yauheni Kaliuta" <email address hidden> (Closes: #387089)
  * Use & instead of && to check a flag in the X509 policy checking. Patch from upstream cvs. (Closes: #397151)
  * Also restart slapd for security updates (Closes: #400221)
  * Add Romanian debconf translation. Thanks to stan ioan-eugen <email address hidden> (Closes: #393507)
 -- Ubuntu Archive Auto-Sync <email address hidden>  Wed, 06 Dec 2006 13:09:17 +0000
openssl (0.9.8c-3) unstable; urgency=low
  * Fix patch for CVE-2006-2940, it left ctx uninitialised.
Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.3) dapper-security; urgency=low
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed pointer.
 -- Martin Pitt <email address hidden>  Wed, 4 Oct 2006 10:30:54 +0200
Obsolete in breezy-security
openssl (0.9.7g-1ubuntu1.5) breezy-security; urgency=low
  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed pointer.
 -- Martin Pitt <email address hidden>  Wed, 4 Oct 2006 08:26:54 +0000
Obsolete in hoary-security
openssl (0.9.7e-3ubuntu0.6) hoary-security; urgency=low
  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed pointer.
 -- Martin Pitt <email address hidden>  Wed, 4 Oct 2006 07:53:40 +0000
openssl (0.9.8b-2ubuntu2) edgy; urgency=low
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to process. Apply patch from Bodo Moeller to impose limits to public key type values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which were determined to not be necessary).
 -- Martin Pitt <email address hidden>  Wed, 27 Sep 2006 12:16:12 +0200
Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.2) dapper-security; urgency=low
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to process. Apply patch from Bodo Moeller to impose limits to public key type values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which were determined to not be necessary).
 -- Martin Pitt <email address hidden>  Wed, 27 Sep 2006 10:26:23 +0000
Superseded in breezy-security
openssl (0.9.7g-1ubuntu1.3) breezy-security; urgency=low
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to process. Apply patch from Bodo Moeller to impose limits to public key type values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which were determined to not be necessary).
 -- Martin Pitt <email address hidden>  Wed, 27 Sep 2006 10:51:00 +0000
Superseded in hoary-security
openssl (0.9.7e-3ubuntu0.4) hoary-security; urgency=low
  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to process. Apply patch from Bodo Moeller to impose limits to public key type values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which were determined to not be necessary).
 -- Martin Pitt <email address hidden>  Wed, 27 Sep 2006 11:10:01 +0000
Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.1) dapper-security; urgency=low
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt
 -- Martin Pitt <email address hidden>  Tue, 5 Sep 2006 11:40:08 +0000
Superseded in breezy-security
openssl (0.9.7g-1ubuntu1.2) breezy-security; urgency=low
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt
 -- Martin Pitt <email address hidden>  Tue, 5 Sep 2006 12:16:57 +0000
Superseded in hoary-security
openssl (0.9.7e-3ubuntu0.3) hoary-security; urgency=low
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt
 -- Martin Pitt <email address hidden>  Tue, 5 Sep 2006 12:23:43 +0000
Superseded in edgy-release
openssl (0.9.8b-2ubuntu1) edgy; urgency=low
  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt
 -- Martin Pitt <email address hidden>  Tue, 5 Sep 2006 14:13:15 +0200
Superseded in edgy-release
openssl (0.9.8b-2build1) edgy; urgency=low
  * Rebuild with current zlib1g-dev to fix udeb shlibdeps.
 -- Colin Watson <email address hidden>  Mon, 31 Jul 2006 11:27:23 +0100
openssl (0.9.8b-2) unstable; urgency=low
  * Don't call gcc with -mcpu on i386, we already use -march, so no need for -mtune either.
  * Always make all directories when building something:
    - The engines directory didn't get built for the static directory, so were missing in libcrypto.a
    - The apps directory didn't always get built, so we didn't have an openssl and a small part of the regression tests failed.
  * Make the package fail to build if the regression tests fail.
openssl (0.9.8a-7build1) dapper; urgency=low
  * Fake sync from Debian to resolve a problem with establishing TCP connections over the BIO API, add a new debconf translation, and resolve a build failure with libio-socket-ssl-perl.
openssl (0.9.8a-5) unstable; urgency=low
  * Stop ssh from crashing randomly on sparc (Closes: #335912) Patch from upstream cvs.
 -- Kurt Roeckx <email address hidden>  Tue, 13 Dec 2005 21:37:42 +0100
openssl (0.9.7g-1ubuntu1.1) breezy-security; urgency=low
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the protocol-version rollback check, so that a man-in-the-middle cannot force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt
 -- Martin Pitt <email address hidden>  Thu, 13 Oct 2005 09:33:30 +0000
Obsolete in breezy-release
openssl (0.9.7g-1ubuntu1) breezy; urgency=low
  * apps/openssl.cnf: Change CA and req default message digest algorithm to SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)
 -- Martin Pitt <email address hidden>  Wed, 24 Aug 2005 09:57:52 +0200
openssl (0.9.7e-3ubuntu0.2) hoary-security; urgency=low
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the protocol-version rollback check, so that a man-in-the-middle cannot force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt
 -- Martin Pitt <email address hidden>  Thu, 13 Oct 2005 09:46:30 +0000
openssl (0.9.7e-3) unstable; urgency=high
  * really fix der_chop. The fix from -1 was not really included (closes: #281212)
  * still fixes security problem CAN-2004-0975 etc.
    - tempfile race condition in der_chop
    - Avoid a race condition when CRLs are checked in a multi threaded environment.
 -- Christoph Martin <email address hidden>  Thu, 16 Dec 2004 18:41:29 +0100
openssl (0.9.7d-3ubuntu0.3) warty-security; urgency=low
  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the protocol-version rollback check, so that a man-in-the-middle cannot force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt
 -- Martin Pitt <email address hidden>  Thu, 13 Oct 2005 09:48:51 +0000
openssl (0.9.7d-3) unstable; urgency=low
  * rename -pic.a libraries to _pic.a (closes: #250016)
 -- Christoph Martin <email address hidden>  Mon, 24 May 2004 17:02:29 +0200