-
Committer:
Bazaar Package Importer
-
Author(s):
Steve Beattie, Steve Henson
-
Date:
2011-02-09 16:47:44 UTC
-
Revision ID:
james.westby@ubuntu.com-20110209164744-al408f4rnr42m62v
Tags: 0.9.8k-7ubuntu8.6
* SECURITY UPDATE: OCSP stapling vulnerability
- debian/patched/openssl-CVE-2011-0014-secadv_20110208.patch:
stricter parsing of ClientHello message in ssl/t1_lib.c
- CVE-2011-0014
* Forward TLS version interop patch
- debian/patches/openssl-forward-interop.patch
- Handle TLS versions 2.0 and later properly and correctly use
the highest version of TLS/SSL supported. Although TLS >=
2.0 is some way off ancient servers have a habit of sticking
around for a while...
[Steve Henson]