- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2009-07-15 11:49:36 UTC
- Revision ID: package-import@ubuntu.com-20090715114936-himk9ly0cxpuzo7k

* SECURITY UPDATE: certificate spoofing via invalid return value check
  in OCSP_basic_verify
  - debian/patches/906_security_CVE-2009-0642.dpatch: also check for -1
    return code in ext/openssl/ossl_ocsp.c.
  - CVE-2009-0642
* SECURITY UPDATE: denial of service in BigDecimal library via string
  argument that represents a large number (LP: #385436)
  - debian/patches/907_security_CVE-2009-1904.dpatch: handle large
    numbers properly in ext/bigdecimal/bigdecimal.c.
  - CVE-2009-1904