[ubuntu/lucid] openssl 0.9.8k-7ubuntu8 (Accepted)

Tue Mar 30 14:45:27 BST 2010

openssl (0.9.8k-7ubuntu8) lucid; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via unchecked return values
    - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
      crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
      engines/e_ubsec.c.
    - CVE-2009-3245
  * SECURITY UPDATE: denial of service via "record of death"
    - debian/patches/CVE-2010-0740.patch: only send back minor version
      number in ssl/s3_pkt.c.
    - CVE-2010-0740

Date: Tue, 30 Mar 2010 08:57:51 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/openssl/0.9.8k-7ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 30 Mar 2010 08:57:51 -0400
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8k-7ubuntu8
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes: 
 openssl (0.9.8k-7ubuntu8) lucid; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via unchecked return values
     - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
       crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
       engines/e_ubsec.c.
     - CVE-2009-3245
   * SECURITY UPDATE: denial of service via "record of death"
     - debian/patches/CVE-2010-0740.patch: only send back minor version
       number in ssl/s3_pkt.c.
     - CVE-2010-0740
Checksums-Sha1: 
 d95e6f037cf440bbcc8f7246964639ebafecdbf0 1451 openssl_0.9.8k-7ubuntu8.dsc
 29eab4c1fbfb28ab658d61aa8e1e9bacf7e5e0e5 93895 openssl_0.9.8k-7ubuntu8.diff.gz
Checksums-Sha256: 
 8d230a746088b88f88d5673ac59ce4682e45558f1a1ececc81d8ba2c77cd43bd 1451 openssl_0.9.8k-7ubuntu8.dsc
 d931572b674165ed374870cf828d8fc86e4e887c2059593942b89637a12b697c 93895 openssl_0.9.8k-7ubuntu8.diff.gz
Files: 
 718ec4e6380682a0f886750365a4764a 1451 utils optional openssl_0.9.8k-7ubuntu8.dsc
 e267ff0cd06b63bf690ba17fb745aa81 93895 utils optional openssl_0.9.8k-7ubuntu8.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkux/4wACgkQLMAs/0C4zNqVNwCgnboVe/FrNm7x5m+4Lz4gDsOG
jIkAmQEuou+RJWHOJ3k3Vzv8vbrPF5Lu
=x43V
-----END PGP SIGNATURE-----