~ubuntu-branches/ubuntu/hardy/openssl/hardy-proposed

Viewing all changes in revision 25.

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2009-03-26 14:12:48 UTC
  • Revision ID: james.westby@ubuntu.com-20090326141248-myi7yec031yltjhg
Tags: 0.9.8g-4ubuntu3.5
* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: