~nvalcarcel/ubuntu/lucid/openssl/openssl-merge

Viewing all changes in revision 33.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-09-08 14:59:05 UTC
  • Revision ID: james.westby@ubuntu.com-20090908145905-chzaajzrg9lmw7o5
Tags: 0.9.8g-16ubuntu3
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
  design flaws.
  - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
  - crypto/x509/x509_vfy.c: skip signature check for self signed
    certificates
  - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
  - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
  - CVE-2009-2409

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: