-
openssl (0.9.8o-4squeeze14) squeeze-security; urgency=low
* Fix CVE-2013-0166 and CVE-2013-0169
-- Kurt Roeckx <email address hidden> Mon, 11 Feb 2013 20:41:07 +0100
-
openssl (0.9.8o-4squeeze13) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2012-2333: DoS via explicit IV in DTLS
-- Raphael Geissert <email address hidden> Wed, 16 May 2012 16:39:28 -0500
-
openssl (0.9.8o-4squeeze12) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2012-2131: incomplete fix of CVE-2012-2110
-- Raphael Geissert <email address hidden> Tue, 24 Apr 2012 16:41:03 -0500
-
openssl (0.9.8o-4squeeze7) squeeze-security; urgency=low
* Re-upload with new version number.
-- Kurt Roeckx <email address hidden> Sun, 22 Jan 2012 10:45:12 +0000
-
openssl (0.9.8o-4squeeze3) squeeze; urgency=low
* Non-maintainer upload by the Security Team.
* Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
-- Raphael Geissert <email address hidden> Sat, 24 Sep 2011 18:57:14 -0500
-
openssl (0.9.8o-4squeeze1) stable-security; urgency=low
* Fix OCSP stapling parse error (CVE-2011-0014) -- Kurt Roeckx <email address hidden> Thu, 10 Feb 2011 19:06:09 +0100
-
openssl (0.9.8o-4) unstable; urgency=low
* Fix CVE-2010-4180 (Closes: #529221) -- Kurt Roeckx <email address hidden> Mon, 06 Dec 2010 20:33:21 +0100
-
openssl (0.9.8o-3) unstable; urgency=high
* Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
* Re-add the engines. They were missing since 0.9.8m-1.
Patch by Joerg Schneider. (Closes: #603693)
* Not all architectures were build using -g (Closes: #570702)
* Add powerpcspe support (Closes: #579805)
* Add armhf support (Closes: #596881)
* Update translations:
- Brazilian Portuguese (Closes: #592154)
- Danish (Closes: #599459)
- Vietnamese (Closes: #601536)
- Arabic (Closes: #596166)
* Generate the proper stamp file so that everything doesn't get build twice.
-- Kurt Roeckx <email address hidden> Tue, 16 Nov 2010 19:20:55 +0100
-
openssl (0.9.8o-2) unstable; urgency=high
* Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)
-- Kurt Roeckx <email address hidden> Thu, 26 Aug 2010 18:25:29 +0200
-
openssl (0.9.8o-1) unstable; urgency=low
* New upstream version
- Add SHA2 algorithms to SSL_library_init().
- aes-x86_64.pl is now PIC, update pic.patch.
* Add sparc64 support (Closes: #560240)
-- Kurt Roeckx <email address hidden> Sun, 18 Apr 2010 01:42:44 +0200
-
openssl (0.9.8n-1) unstable; urgency=high
* New upstream version.
- Fixes CVE-2010-0740.
- Drop cfb.patch, applied upstream.
-- Kurt Roeckx <email address hidden> Thu, 25 Mar 2010 20:30:52 +0100
-
openssl (0.9.8m-2) unstable; urgency=low
* Revert CFB block length change preventing reading older files.
(Closes: #571810, #571940)
-- Kurt Roeckx <email address hidden> Sun, 28 Feb 2010 22:08:49 +0100
-
openssl (0.9.8k-8) unstable; urgency=high
* Clean up zlib state so that it will be reinitialized on next use and
not cause a memory leak. (CVE-2009-4355)
-- Kurt Roeckx <email address hidden> Wed, 13 Jan 2010 21:26:49 +0100
-
openssl (0.9.8k-7) unstable; urgency=low
* Bump the shlibs to require 0.9.8k-1. The following symbols
to added between g and k: AES_wrap_key, AES_unwrap_key,
ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
ENGINE_set_load_ssl_client_cert_function,
ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
X509at_get0_data_by_OBJ, X509_get1_ocsp
-- Kurt Roeckx <email address hidden> Sat, 28 Nov 2009 14:34:26 +0100
-
openssl (0.9.8k-6) unstable; urgency=low
* Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)
-- Kurt Roeckx <email address hidden> Thu, 12 Nov 2009 18:10:31 +0000
-
openssl (0.9.8k-5) unstable; urgency=low
* Don't check self signed certificate signatures in X509_verify_cert()
(Closes: #541735)
-- Kurt Roeckx <email address hidden> Fri, 11 Sep 2009 15:42:32 +0200
-
openssl (0.9.8k-4) unstable; urgency=low
* Split all the patches into a separate files
* Stop undefinging HZ, the issue on alpha should be fixed.
* Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899)
-- Kurt Roeckx <email address hidden> Tue, 11 Aug 2009 21:19:18 +0200
-
openssl (0.9.8k-3) unstable; urgency=low
* Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336)
* Add workaround for kfreebsd that can't see the different between
two pipes. Patch from Petr Salinger.
-- Kurt Roeckx <email address hidden> Sat, 13 Jun 2009 18:15:46 +0200
-
openssl (0.9.8g-16) unstable; urgency=high
* Properly validate the length of an encoded BMPString and UniversalString
(CVE-2009-0590) (Closes: #522002)
-- Kurt Roeckx <email address hidden> Wed, 01 Apr 2009 22:04:53 +0200
-
openssl (0.9.8g-15) unstable; urgency=low
* Internal calls to didn't properly check for errors which
resulted in malformed DSA and ECDSA signatures being treated as
a good signature rather than as an error. (CVE-2008-5077)
* ipv6_from_asc() could write 1 byte longer than the buffer in case
the ipv6 address didn't have "::" part. (Closes: #506111)
-- Kurt Roeckx <email address hidden> Mon, 05 Jan 2009 21:14:31 +0100