~ubuntu-branches/ubuntu/lucid/openssl/lucid-security

Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-03-19 09:57:59 UTC
  • Revision ID: package-import@ubuntu.com-20150319095759-do88u689v2nfth1v
Tags: 0.9.8k-7ubuntu8.27
* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

 
1
openssl (0.9.8k-7ubuntu8.27) lucid-security; urgency=medium
 
2
 
 
3
  * SECURITY UPDATE: denial of service and possible memory corruption via
 
4
    malformed EC private key
 
5
    - debian/patches/CVE-2015-0209.patch: fix use after free in
 
6
      crypto/ec/ec_asn1.c.
 
7
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
 
8
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
 
9
    - CVE-2015-0209
 
10
  * SECURITY UPDATE: denial of service via cert verification
 
11
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
 
12
      crypto/asn1/a_type.c.
 
13
    - CVE-2015-0286
 
14
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
 
15
    - debian/patches/CVE-2015-0287.patch: free up structures in
 
16
      crypto/asn1/tasn_dec.c.
 
17
    - CVE-2015-0287
 
18
  * SECURITY UPDATE: denial of service via invalid certificate key
 
19
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
 
20
      crypto/x509/x509_req.c.
 
21
    - CVE-2015-0288
 
22
  * SECURITY UPDATE: denial of service and possible code execution via
 
23
    PKCS#7 parsing
 
24
    - debian/patches/CVE-2015-0289.patch: handle missing content in
 
25
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
 
26
    - CVE-2015-0289
 
27
  * SECURITY UPDATE: denial of service or memory corruption via base64
 
28
    decoding
 
29
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
 
30
      crypto/evp/encode.c.
 
31
    - CVE-2015-0292
 
32
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
 
33
    - debian/patches/CVE-2015-0293.patch: check key lengths in
 
34
      ssl/s2_lib.c, ssl/s2_srvr.c.
 
35
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
 
36
      ssl/s2_srvr.c.
 
37
    - CVE-2015-0293
 
38
 
 
39
 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 19 Mar 2015 09:57:59 -0400
 
40
 
1
41
openssl (0.9.8k-7ubuntu8.23) lucid-security; urgency=medium
2
42
 
3
43
  * SECURITY UPDATE: denial of service via unexpected handshake when
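Review bot: the new stanza at the top of debian/changelog is versioned 0.9.8k-7ubuntu8.27, but the stanza directly beneath it in the context lines is 0.9.8k-7ubuntu8.23, so 8.24 through 8.26 have no entry in this file. If those versions were ever built or uploaded, their stanzas should be carried into this changelog so the history is continuous and a reader can tell which fixes each version contains; if the numbers were skipped on purpose, a short line in this stanza saying so would save the next auditor the lookup. A smaller point on the CVE-2015-0293 block: CVE-2015-0293-2.patch is described only as "fix unsigned/signed warnings in ssl/s2_srvr.c", so it would help to say whether it is a build fix-up for the first patch or part of the security fix itself.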