~ubuntu-branches/ubuntu/lucid/openssl/lucid-security

Viewing all changes in revision 43.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-03-30 08:57:51 UTC
  • Revision ID: james.westby@ubuntu.com-20100330085751-psie5ihdbr6ywffg
Tags: 0.9.8k-7ubuntu8
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via unchecked return values
  - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
    crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c.
  - CVE-2009-3245
* SECURITY UPDATE: denial of service via "record of death"
  - debian/patches/CVE-2010-0740.patch: only send back minor version
    number in ssl/s3_pkt.c.
  - CVE-2010-0740

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: