-
Committer:
Bazaar Package Importer
-
Author(s):
Kees Cook, Jamie Strandboge, Kees Cook
-
Date:
2007-09-28 13:10:15 UTC
-
Revision ID:
james.westby@ubuntu.com-20070928131015-jfciu33xt5gjiprp
Tags: 0.9.8a-7ubuntu0.4
[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
Stephan Hermann
* References:
CVE-2007-5135
http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
Fixes LP: #146269
[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
CVE-2007-3108