Viewing all changes in revision 55.
- Committer: Package Import Robot
- Date: 2014-06-04 19:32:47 UTC
- Revision ID: package-import@ubuntu.com-20140604193247-zfychpdqxucnpv2m
* SECURITY UPDATE: MITM via change cipher spec
- debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
ssl/ssl3.h.
- debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
secrets in ssl/s3_pkt.c.
- debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
ssl/s3_clnt.c.
- debian/patches/fix_renegotiation.patch: add upstream commit to fix
renegotiation in ssl/s3_clnt.c, ssl/t1_lib.c.
- CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
- debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
recursion in ssl/d1_both.c.
- CVE-2014-0221
- debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
ssl/ssl3.h.
- debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
secrets in ssl/s3_pkt.c.
- debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
ssl/s3_clnt.c.
- debian/patches/fix_renegotiation.patch: add upstream commit to fix
renegotiation in ssl/s3_clnt.c, ssl/t1_lib.c.
- CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
- debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
recursion in ssl/d1_both.c.
- CVE-2014-0221
expand all
collapse all
added
removed
