~ubuntu-branches/ubuntu/lucid/openssl/lucid-security

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2012-01-31 01:41:34 UTC
  • Revision ID: package-import@ubuntu.com-20120131014134-dwhpdmijbl7n8mck
Tags: 0.9.8k-7ubuntu8.8
* SECURITY UPDATE: ECDSA private key timing attack
  - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
    length
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
    safety
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - debian/patches/CVE-2011-4019.patch: only free domain policyin
    one location
  - CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
  servers by testing that the X server is not running (LP: #244250)

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low
 
2
 
 
3
  * SECURITY UPDATE: ECDSA private key timing attack
 
4
    - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
 
5
      length
 
6
    - CVE-2011-1945
 
7
  * SECURITY UPDATE: ECDH ciphersuite denial of service
 
8
    - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
 
9
      safety
 
10
    - CVE-2011-3210
 
11
  * SECURITY UPDATE: DTLS plaintext recovery attack
 
12
    - debian/patches/CVE-2011-4108.patch: perform all computations
 
13
      before discarding messages
 
14
    - CVE-2011-4108
 
15
  * SECURITY UPDATE: policy check double free vulnerability
 
16
    - debian/patches/CVE-2011-4019.patch: only free domain policyin
 
17
      one location
 
18
    - CVE-2011-4019
 
19
  * SECURITY UPDATE: SSL 3.0 block padding exposure
 
20
    - debian/patches/CVE-2011-4576.patch: clear bytes used for block
 
21
      padding of SSL 3.0 records.
 
22
    - CVE-2011-4576
 
23
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
 
24
    - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
 
25
      data from triggering an assertion failure
 
26
    - CVE-2011-4577
 
27
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
 
28
    - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
 
29
      restart for SSL/TLS.
 
30
    - CVE-2011-4619
 
31
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
 
32
    - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
 
33
    - CVE-2012-0050
 
34
  * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
 
35
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
 
36
    servers by testing that the X server is not running (LP: #244250)
 
37
 
 
38
 -- Steve Beattie <sbeattie@ubuntu.com>  Tue, 31 Jan 2012 01:41:34 -0800
 
39
 
1
40
openssl (0.9.8k-7ubuntu8.6) lucid-security; urgency=low
2
41
 
3
42
  * SECURITY UPDATE: OCSP stapling vulnerability