-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2008-06-19 14:35:20 UTC
-
Revision ID:
james.westby@ubuntu.com-20080619143520-e9o7cegvls7ozkz5
Tags: 0.9.8g-4ubuntu3.3
* SECURITY UPDATE: fix denial of service when 'Server Key exchange message'
is omitted from a TLS handshake
* ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL
* SECURITY UPDATE: fix denial of service when using tlsext. Note that
this version of openssl does not use tlsext by default.
* ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to
prevent double free.
* References
CVE-2008-1672
CVE-2008-0891
LP: #235913