← Back to branch summary

~ubuntu-branches/ubuntu/raring/openssl/raring-proposed

Viewing all changes in revision 94.

  • Committer: Package Import Robot
  • Author(s): Seth Arnold
  • Date: 2013-06-03 18:13:47 UTC
  • Revision ID: package-import@ubuntu.com-20130603181347-nlboyw6i27pb8ojb
Tags: 1.0.1c-4ubuntu8.1
https://launchpad.net/bugs/1187195
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: