-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2013-02-18 13:13:42 UTC
-
Revision ID:
package-import@ubuntu.com-20130218131342-s6jggyto6dwa1fzt
Tags: 1.0.1c-3ubuntu2.1
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
- Fix included in CVE-2013-0169 patch
- CVE-2012-2686