-
Committer:
Package Import Robot
-
Author(s):
Seth Arnold
-
Date:
2013-06-03 18:13:33 UTC
-
mfrom:
(88.1.1 quantal-proposed)
-
Revision ID:
package-import@ubuntu.com-20130603181333-jrlpnnpre971hova
Tags: 1.0.1c-3ubuntu2.5
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch