-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2009-07-15 13:06:03 UTC
-
Revision ID:
package-import@ubuntu.com-20090715130603-tdfe82g4e9rvnz7r
* SECURITY UPDATE: certificate spoofing via invalid return value check
in OCSP_basic_verify
- debian/patches/904_security_CVE-2009-0642.dpatch: also check for -1
return code in ext/openssl/ossl_ocsp.c.
- CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
argument that represents a large number (LP: #385436)
- debian/patches/905_security_CVE-2009-1904.dpatch: handle large
numbers properly in ext/bigdecimal/bigdecimal.c.
- CVE-2009-1904