-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2009-03-26 14:12:48 UTC
-
Revision ID:
james.westby@ubuntu.com-20090326141248-myi7yec031yltjhg
Tags: 0.9.8g-4ubuntu3.5
* SECURITY UPDATE: crash via invalid memory access when printing BMPString
or UniversalString with invalid length
- crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
return error if invalid length
- CVE-2009-0590
- http://www.openssl.org/news/secadv_20090325.txt
- patch from upstream CVS:
crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11