Comment 3 for bug 693902

This bug was fixed in the package openssl - 0.9.8o-4ubuntu1

---------------
openssl (0.9.8o-4ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes: (LP: #693902)
    - debian/patches/Bsymbolic-functions.patch: Link using
      -Bsymbolic-functions.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Don't build for processors no longer supported: i486, i586
      (on i386), v8 (on sparc).
    - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no
      wget-udeb package in Debian).
    - Replace duplicate files in the doc directory with symlinks.
    - Move runtime libraries to /lib, for the benefit of wpasupplicant.
    - Ship documentation in openssl-doc, suggested by the package.
      (Closes: #470594)
    - Use host compiler when cross-building. Patch from Neil Williams.
      (Closes: #465248).
    - Don't run 'make test' when cross-building.
    - debian/patches/aesni.patch: Backport Intel AES-NI support from
      http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed)
    - debian/patches/perlpath-quilt.patch: Don't change perl #! paths
      under .pc.
    - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS
      and GnuTLS. The protocol is unsafe and extremely deprecated.
      (Closes: #589706)

openssl (0.9.8o-4) unstable; urgency=low

  * Fix CVE-2010-4180 (Closes: #529221)
 -- Artur Rona <email address hidden> Thu, 23 Dec 2010 20:20:03 +0100