Ubuntu

“openssl” 1.0.0e-2ubuntu4.4 source package in The Oneiric Ocelot

Publishing history

1.0.0e-2ubuntu4.4
SUPERSEDED: Oneiric pocket Updates in component main and section utils
  • Removed from disk on 2012-04-26.
  • Removal requested on 2012-04-25.
  • Superseded on 2012-04-24 by openssl - 1.0.0e-2ubuntu4.5
  • Published on 2012-04-19
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team
1.0.0e-2ubuntu4.4
SUPERSEDED: Oneiric pocket Security in component main and section utils
  • Removed from disk on 2012-04-26.
  • Removal requested on 2012-04-25.
  • Superseded on 2012-04-24 by openssl - 1.0.0e-2ubuntu4.5
  • Published on 2012-04-19
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team

Builds

Changelog

openssl (1.0.0e-2ubuntu4.4) oneiric-security; urgency=low

  * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
    headers
    - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
      and mime_param_cmp() to not dereference the compared strings if either
      is NULL
    - CVE-2006-7250
    - CVE-2012-1165
  * SECURITY UPDATE: fix various overflows
    - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
      crypto/buffer.c and crypto/mem.c to verify size of lengths
    - CVE-2012-2110
 -- Jamie Strandboge <email address hidden>   Thu, 19 Apr 2012 09:39:43 -0500