Format: 1.7 Date: Wed, 06 Oct 2010 18:21:02 -0400 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: amd64_translations amd64 Version: 0.9.8g-4ubuntu3.11 Distribution: hardy Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Launchpad-Bugs-Fixed: 655884 Changes: openssl (0.9.8g-4ubuntu3.11) hardy-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via unchecked bn_wexpand return values. (LP: #655884) - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c, engines/e_ubsec.c: check return values. - http://cvs.openssl.org/chngview?cn=18936 - http://cvs.openssl.org/chngview?cn=19309 - CVE-2009-3245 * SECURITY UPDATE: denial of service and possible code execution via crafted private key with an invalid prime. - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it. - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html - CVE-2010-2939 Files: 5e65edd8b2288d5c4a82a548cea09122 17292 raw-translations - openssl_0.9.8g-4ubuntu3.11_amd64_translations.tar.gz edaf8c571d616ac95c62a28fc592c60d 392886 utils optional openssl_0.9.8g-4ubuntu3.11_amd64.deb 60de6153ae24c9274ec1462336fea0ce 941046 libs important libssl0.9.8_0.9.8g-4ubuntu3.11_amd64.deb 790599d49e9f90a68823ea1531bf472b 604218 debian-installer optional libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.11_amd64.udeb c0da98a9f5e7b7fd052b7f90d54204ee 2077346 libdevel optional libssl-dev_0.9.8g-4ubuntu3.11_amd64.deb fb39b2b5c7016ad1e2d0a271558e3bdb 1625072 libdevel extra libssl0.9.8-dbg_0.9.8g-4ubuntu3.11_amd64.deb Original-Maintainer: Debian OpenSSL Team Package-Type: udeb