← Back to branch summary

~ubuntu-branches/ubuntu/lucid/openssl/lucid-security

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2012-04-19 10:24:54 UTC
  • Revision ID: package-import@ubuntu.com-20120419102454-tluy4us0xsq90jll
Tags: 0.9.8k-7ubuntu8.10
* SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
  headers
  - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
    and mime_param_cmp() to not dereference the compared strings if either
    is NULL
  - CVE-2006-7250
  - CVE-2012-1165
* SECURITY UPDATE: fix various overflows
  - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
    crypto/buffer.c and crypto/mem.c to verify size of lengths
  - CVE-2012-2110

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/changelog
 
1
openssl (0.9.8k-7ubuntu8.10) lucid-security; urgency=low
 
2
 
 
3
  * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
 
4
    headers
 
5
    - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
 
6
      and mime_param_cmp() to not dereference the compared strings if either
 
7
      is NULL
 
8
    - CVE-2006-7250
 
9
    - CVE-2012-1165
 
10
  * SECURITY UPDATE: fix various overflows
 
11
    - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
 
12
      crypto/buffer.c and crypto/mem.c to verify size of lengths
 
13
    - CVE-2012-2110
 
14
 
 
15
 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 19 Apr 2012 10:24:54 -0500
 
16
 
1
17
openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low
2
18
 
3
19
  * SECURITY UPDATE: ECDSA private key timing attack