- Committer: Package Import Robot
- Author(s): Steve Beattie
- Date: 2012-02-08 16:06:24 UTC
- Revision ID: package-import@ubuntu.com-20120208160624-h9z89w7bx1j9c604
Tags: 1.0.0e-2ubuntu4.2
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: GOST block cipher denial of service
  - debian/patches/CVE-2012-0027.patch: check GOST parameters are
    not NULL
  - CVE-2012-0027
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050