-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2010-03-30 08:57:51 UTC
-
Revision ID:
james.westby@ubuntu.com-20100330085751-psie5ihdbr6ywffg
Tags: 0.9.8k-7ubuntu8
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via unchecked return values
- debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
engines/e_ubsec.c.
- CVE-2009-3245
* SECURITY UPDATE: denial of service via "record of death"
- debian/patches/CVE-2010-0740.patch: only send back minor version
number in ssl/s3_pkt.c.
- CVE-2010-0740