← Back to branch summary

~ubuntu-branches/ubuntu/dapper/openssl/dapper-proposed

Viewing all changes in revision 14.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-09-08 15:07:55 UTC
  • Revision ID: james.westby@ubuntu.com-20090908150755-4dij3fvjlyrs228d
Tags: 0.9.8a-7ubuntu0.10
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
  design flaws.
  - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
  - crypto/x509/x509_vfy.c: skip signature check for self signed
    certificates
  - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
  - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
  - CVE-2009-2409

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: