~ubuntu-branches/ubuntu/hardy/openssl/hardy-proposed

Viewing all changes in revision 27.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-09-08 15:05:08 UTC
  • Revision ID: james.westby@ubuntu.com-20090908150508-1901pxm69komw55k
Tags: 0.9.8g-4ubuntu3.8
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
  design flaws.
  - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
  - crypto/x509/x509_vfy.c: skip signature check for self signed
    certificates
  - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
  - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
  - CVE-2009-2409

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: