Please sync openssl (main) from unstable (main)

Bug #69239 reported by Martin Pitt on 2006-10-30
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Undecided
Scott James Remnant (Canonical)

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects distros/ubuntu/openssl
 status confirmed
 subscribe ubuntu-archive

Please sync openssl (main) from Debian unstable (main).

Changelog since current edgy version 0.9.8b-2ubuntu2:

openssl (0.9.8c-3) unstable; urgency=low

  * Fix patch for CVE-2006-2940, it left ctx uninitialised.

 -- Kurt Roeckx <email address hidden> Mon, 2 Oct 2006 18:05:00 +0200

openssl (0.9.8c-2) unstable; urgency=high

  * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940,
    CVE-2006-3738, CVE-2006-4343). Urgency set to high.

 -- Kurt Roeckx <email address hidden> Wed, 27 Sep 2006 21:24:55 +0000

openssl (0.9.8c-1) unstable; urgency=low

  * New upstream release
    - block padding bug with compression now fixed upstream, using
      their patch.
    - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
    - New functions AES_bi_ige_encrypt and AES_ige_encrypt:
      bumping shlibs to require 0.9.8c-1.
  * Change the postinst script to check that ntp is installed instead
    of ntp-refclock and ntp-simple. The binary is now in the ntp
    package.
  * Move the modified rand/md_rand.c file to the right place,
    really fixing #363516.
  * Add partimage-server conserver-server and tor to the list of services
    to check for restart. Add workaround for openssh-server so it finds
    the init script. (Closes: #386365, #386400, #386513)
  * Add manpage for c_rehash.
    Thanks to James Westby <email address hidden> (Closes: #215618)
  * Add Lithuanian debconf translation.
    Thanks to Gintautas Miliauskas <email address hidden> (Closes: #374364)
  * Add m32r support.
    Thanks to Kazuhiro Inaoka <email address hidden>
    (Closes: #378689)

 -- Kurt Roeckx <email address hidden> Sun, 17 Sep 2006 14:47:59 +0000

openssl (0.9.8b-3) unstable; urgency=high

  * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided
    by upstream.
  * Restart services using a smaller version than 0.9.8b-3, so
    they get the fixed version.
  * Change the postinst to check for postfix instead of postfix-tls.

 -- Kurt Roeckx <email address hidden> Tue, 5 Sep 2006 18:26:10 +0000

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFRcFiDecnbV4Fd/IRAsyHAKCaO5xvoPmh11HI56iTl36mK1y52gCfaFj8
z5b3rf9zetfqx+tMDf2rh7o=
=yUnb
-----END PGP SIGNATURE-----

Martin Pitt (pitti) wrote :

The only Ubuntu changes were security patches; all of them are applied upstream and in Debian.

[Updating] openssl (0.9.8b-2ubuntu2 [Ubuntu] < 0.9.8c-3 [Debian])
 * Trying to add openssl...
  - <openssl_0.9.8c-3.dsc: downloading from http://ftp.debian.org/debian/>
  - <openssl_0.9.8c.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
  - <openssl_0.9.8c-3.diff.gz: downloading from http://ftp.debian.org/debian/>
I: openssl [main] -> libssl-dev_0.9.8b-2ubuntu2 [main].
I: openssl [main] -> openssl_0.9.8b-2ubuntu2 [main].
I: openssl [main] -> libssl0.9.8-dbg_0.9.8b-2ubuntu2 [main].
I: openssl [main] -> libssl0.9.8_0.9.8b-2ubuntu2 [main].
I: openssl [main] -> libcrypto0.9.8-udeb_0.9.8b-2ubuntu2 [main].

Changed in openssl:
assignee: nobody → keybuk
status: Confirmed → Fix Released