Change log for openssl package in Ubuntu

151-179 of 479 results
Superseded in dapper-updates
Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.4) dapper-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References:
    CVE-2007-3108

 -- Kees Cook <email address hidden>   Fri, 28 Sep 2007 13:10:15 -0700
Superseded in gutsy-release
openssl (0.9.8e-5ubuntu2) gutsy; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References:
    CVE-2007-3108

 -- Kees Cook <email address hidden>   Fri, 28 Sep 2007 13:02:19 -0700
Superseded in gutsy-release
openssl (0.9.8e-5ubuntu1) gutsy; urgency=low

  * Configure: Add support for lpia.
  * Explicitly build using gcc-4.1 (PR other/31359).

 -- Matthias Klose <email address hidden>   Tue, 31 Jul 2007 12:47:38 +0000
Superseded in gutsy-release
openssl (0.9.8e-5) unstable; urgency=low

  [ Christian Perrier ]
  * Debconf templates proofread and slightly rewritten by
    the debian-l10n-english team as part of the Smith Review Project.
    Closes: #418584
  * Debconf templates translations:
    - Arabic. Closes: #418669
    - Russian. Closes: #418670
    - Galician. Closes: #418671
    - Swedish. Closes: #418679
    - Korean. Closes: #418755
    - Czech. Closes: #418768
    - Basque. Closes: #418784
    - German. Closes: #418785
    - Traditional Chinese. Closes: #419915
    - Brazilian Portuguese. Closes: #419959
    - French. Closes: #420429
    - Italian. Closes: #420461
    - Japanese. Closes: #420482
    - Catalan. Closes: #420833
    - Dutch. Closes: #420925
    - Malayalam. Closes: #420986
    - Portuguese. Closes: #421032
    - Romanian. Closes: #421708

  [ Kurt Roeckx ]
  * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608)
  * Updated Spanish debconf template.  (Closes: #421336)
  * Do the header changes, changing those defines into real functions,
    and bump the shlibs to match.
  * Update Japanese debconf translation.  (Closes: #422270)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  16 May 2007 07:55:35 +0100
Superseded in gutsy-release
openssl (0.9.8e-4) unstable; urgency=low

  * openssl should depend on libssl0.9.8 0.9.8e-1 since it
    uses some of the defines that changed to functions.
    Other things built against libssl or libcrypto shouldn't
    have this problem since they use the old headers.
    (Closes: #414283)

Superseded in gutsy-release
Obsolete in feisty-release
openssl (0.9.8c-4build1) feisty; urgency=low

  * Rebuild for changes in the amd64 toolchain.

 -- Matthias Klose <email address hidden>   Mon,  5 Mar 2007 01:24:00 +0000
Superseded in feisty-release
openssl (0.9.8c-4) unstable; urgency=low

  * Add German debconf translation.  Thanks to
    Johannes Starosta <email address hidden> (Closes: #388108)
  * Make c_rehash look for both .pem and .crt files.  Also make it support
    files in DER format.  Patch by "Yauheni Kaliuta" <email address hidden>
    (Closes: #387089)
  * Use & instead of && to check a flag in the X509 policy checking.
    Patch from upstream cvs.  (Closes: #397151)
  * Also restart slapd for security updates (Closes: #400221)
  * Add Romanian debconf translation.  Thanks to
    stan ioan-eugen <email address hidden> (Closes: #393507)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  06 Dec 2006 13:09:17 +0000
Superseded in feisty-release
openssl (0.9.8c-3) unstable; urgency=low

  * Fix patch for CVE-2006-2940, it left ctx uninitialised.

Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.3) dapper-security; urgency=low

  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

 -- Martin Pitt <email address hidden>   Wed,  4 Oct 2006 10:30:54 +0200
Obsolete in breezy-security
openssl (0.9.7g-1ubuntu1.5) breezy-security; urgency=low

  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
    RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
    Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

 -- Martin Pitt <email address hidden>   Wed,  4 Oct 2006 08:26:54 +0000
Obsolete in hoary-security
openssl (0.9.7e-3ubuntu0.6) hoary-security; urgency=low

  * SECURITY UPDATE: Previous update did not completely fix CVE-2006-2940.
  * crypto/rsa/rsa_eay.c: Apply max. modulus bits checking to
    RSA_eay_public_decrypt() instead of RSA_eay_private_encrypt(). Thanks to
    Mark J. Cox for noticing!
  * crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed
    pointer.

 -- Martin Pitt <email address hidden>   Wed,  4 Oct 2006 07:53:40 +0000
Superseded in feisty-release
Obsolete in edgy-release
openssl (0.9.8b-2ubuntu2) edgy; urgency=low

  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

 -- Martin Pitt <email address hidden>   Wed, 27 Sep 2006 12:16:12 +0200
Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.2) dapper-security; urgency=low

  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

 -- Martin Pitt <email address hidden>   Wed, 27 Sep 2006 10:26:23 +0000
Superseded in breezy-security
openssl (0.9.7g-1ubuntu1.3) breezy-security; urgency=low

  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

 -- Martin Pitt <email address hidden>   Wed, 27 Sep 2006 10:51:00 +0000
Superseded in hoary-security
openssl (0.9.7e-3ubuntu0.4) hoary-security; urgency=low

  * SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
  * Updated patch in previous package version to fix a few corner-case
    regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
    were determined to not be necessary).

 -- Martin Pitt <email address hidden>   Wed, 27 Sep 2006 11:10:01 +0000
Superseded in dapper-security
openssl (0.9.8a-7ubuntu0.1) dapper-security; urgency=low

  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

 -- Martin Pitt <email address hidden>   Tue,  5 Sep 2006 11:40:08 +0000
Superseded in breezy-security
openssl (0.9.7g-1ubuntu1.2) breezy-security; urgency=low

  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

 -- Martin Pitt <email address hidden>   Tue,  5 Sep 2006 12:16:57 +0000
Superseded in hoary-security
openssl (0.9.7e-3ubuntu0.3) hoary-security; urgency=low

  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

 -- Martin Pitt <email address hidden>   Tue,  5 Sep 2006 12:23:43 +0000
Superseded in edgy-release
openssl (0.9.8b-2ubuntu1) edgy; urgency=low

  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt

 -- Martin Pitt <email address hidden>   Tue,  5 Sep 2006 14:13:15 +0200
Superseded in edgy-release
openssl (0.9.8b-2build1) edgy; urgency=low

  * Rebuild with current zlib1g-dev to fix udeb shlibdeps.

 -- Colin Watson <email address hidden>   Mon, 31 Jul 2006 11:27:23 +0100
Superseded in edgy-release
openssl (0.9.8b-2) unstable; urgency=low

  * Don't call gcc with -mcpu on i386, we already use -march, so no need for
    -mtune either.
  * Always make all directories when building something:
    - The engines directory didn't get built for the static directory, so
      were missing in libcrypto.a
    - The apps directory didn't always get built, so we didn't have an openssl
      and a small part of the regression tests failed.
  * Make the package fail to build if the regression tests fail.

Superseded in edgy-release
Obsolete in dapper-release
openssl (0.9.8a-7build1) dapper; urgency=low

  * Fake sync from Debian to resolve a problem with establishing TCP
    connections over the BIO API, add a new debconf translation, and
    resolve a build failure with libio-socket-ssl-perl.

Superseded in dapper-release
openssl (0.9.8a-5) unstable; urgency=low


  * Stop ssh from crashing randomly on sparc (Closes: #335912)
    Patch from upstream cvs.

 -- Kurt Roeckx <email address hidden>  Tue, 13 Dec 2005 21:37:42 +0100
Superseded in breezy-security
openssl (0.9.7g-1ubuntu1.1) breezy-security; urgency=low


  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt

 -- Martin Pitt <email address hidden>  Thu, 13 Oct 2005 09:33:30 +0000
Obsolete in breezy-release
openssl (0.9.7g-1ubuntu1) breezy; urgency=low


  * apps/openssl.cnf: Change CA and req default message digest algorithm to
    SHA-1 since MD5 is deemed insecure. (Ubuntu #13593)
    
 -- Martin Pitt <email address hidden>  Wed, 24 Aug 2005 09:57:52 +0200
Superseded in hoary-security
openssl (0.9.7e-3ubuntu0.2) hoary-security; urgency=low


  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt

 -- Martin Pitt <email address hidden>  Thu, 13 Oct 2005 09:46:30 +0000
Obsolete in hoary-release
openssl (0.9.7e-3) unstable; urgency=high


  * really fix der_chop. The fix from -1 was not really included (closes:
    #281212) 
  * still fixes security problem CAN-2004-0975 etc.
    - tempfile race condition in der_chop
    - Avoid a race condition when CRLs are checked in a multi-threaded
      environment.

 -- Christoph Martin <email address hidden>  Thu, 16 Dec 2004 18:41:29 +0100
Obsolete in warty-security
Superseded in warty-security
openssl (0.9.7d-3ubuntu0.3) warty-security; urgency=low


  * SECURITY UPDATE: Fix cryptographic weakness.
  * ssl/s23_srvr.c:
    - When using SSL_OP_MSIE_SSLV2_RSA_PADDING, do not disable the
      protocol-version rollback check, so that a man-in-the-middle cannot
      force a client and server to fall back to the insecure SSL 2.0 protocol.
    - Problem discovered by Yutaka Oiwa.
  * References:
    CAN-2005-2969
    http://www.openssl.org/news/secadv_20051011.txt

 -- Martin Pitt <email address hidden>  Thu, 13 Oct 2005 09:48:51 +0000
Obsolete in warty-release
openssl (0.9.7d-3) unstable; urgency=low


  * rename -pic.a libraries to _pic.a (closes: #250016)

 -- Christoph Martin <email address hidden>  Mon, 24 May 2004 17:02:29 +0200