Format: 1.7 Date: Wed, 06 Oct 2010 18:21:02 -0400 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: lpia_translations lpia Version: 0.9.8g-4ubuntu3.11 Distribution: hardy Urgency: low Maintainer: Ubuntu/lpia Build Daemon Changed-By: Marc Deslauriers Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Launchpad-Bugs-Fixed: 655884 Changes: openssl (0.9.8g-4ubuntu3.11) hardy-security; urgency=low . * SECURITY UPDATE: denial of service and possible code execution via unchecked bn_wexpand return values. (LP: #655884) - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c, engines/e_ubsec.c: check return values. - http://cvs.openssl.org/chngview?cn=18936 - http://cvs.openssl.org/chngview?cn=19309 - CVE-2009-3245 * SECURITY UPDATE: denial of service and possible code execution via crafted private key with an invalid prime. - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it. - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html - CVE-2010-2939 Files: 4619f72877b2c05a9ca58141a79b8238 17291 raw-translations - openssl_0.9.8g-4ubuntu3.11_lpia_translations.tar.gz 7cf95fab1e450b8e0d415e596411ecff 392124 utils optional openssl_0.9.8g-4ubuntu3.11_lpia.deb 5ff574056df2afc59642a8c2861229c0 852314 libs important libssl0.9.8_0.9.8g-4ubuntu3.11_lpia.deb d1d8138f01b67ff25a66e2f69ba52bba 535616 debian-installer optional libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.11_lpia.udeb c666740c21c8b346e2634cc09e01d8c8 1931966 libdevel optional libssl-dev_0.9.8g-4ubuntu3.11_lpia.deb 77dda984f1788868e5fd7d8aa3bf9af0 1532770 libdevel extra libssl0.9.8-dbg_0.9.8g-4ubuntu3.11_lpia.deb Original-Maintainer: Debian OpenSSL Team Package-Type: udeb