- Committer: Package Import Robot
- Author(s): Steve Beattie
- Date: 2012-05-22 15:24:09 UTC
- Revision ID: package-import@ubuntu.com-20120522152409-6u4cx2k6mtj4kbfc
Tags: 1.0.0e-2ubuntu4.6
* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.