-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2010-10-06 17:50:37 UTC
-
Revision ID:
james.westby@ubuntu.com-20101006175037-yvr9oqc9sq1vsh12
Tags: 0.9.8g-15ubuntu3.6
* SECURITY UPDATE: denial of service and possible code execution via
unchecked bn_wexpand return values. (LP: #655884)
- crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
engines/e_ubsec.c: check return values.
- http://cvs.openssl.org/chngview?cn=18936
- http://cvs.openssl.org/chngview?cn=19309
- CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
crafted private key with an invalid prime.
- ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
- http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
- CVE-2010-2939