~nvalcarcel/ubuntu/lucid/openssl/openssl-merge

Viewing all changes in revision 30.

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2009-03-27 08:23:35 UTC
Revision ID: james.westby@ubuntu.com-20090327082335-l8yyliq5872er7ra

Tags: 0.9.8g-15ubuntu3

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11