[ubuntu/raring-proposed] openssl 1.0.1c-4ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 20 13:05:18 UTC 2013
openssl (1.0.1c-4ubuntu4) raring; urgency=low
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
- Fix included in CVE-2013-0169 patch
- CVE-2012-2686
Date: Tue, 19 Feb 2013 13:25:24 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/openssl/1.0.1c-4ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 19 Feb 2013 13:25:24 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1c-4ubuntu4
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl-doc - SSL development documentation documentation
libssl1.0.0 - SSL shared libraries
libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
libssl1.0.0-udeb - ssl shared library - udeb (udeb)
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes:
openssl (1.0.1c-4ubuntu4) raring; urgency=low
.
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
- Fix included in CVE-2013-0169 patch
- CVE-2012-2686
Checksums-Sha1:
5a7e942898dc6ada91f38b95eab2faad1a55dae1 2391 openssl_1.0.1c-4ubuntu4.dsc
dfdf564cd9ae2f0303d9c6ce5ad4488d12646c57 121998 openssl_1.0.1c-4ubuntu4.debian.tar.gz
Checksums-Sha256:
629561306d52f81c75e62515c52cf2f22678c0f5d039b4d8bb17fee9695658c5 2391 openssl_1.0.1c-4ubuntu4.dsc
217f2cf3fc61227ec87ad786328600d4805c7f931af207ec560ccf9f4e8a5066 121998 openssl_1.0.1c-4ubuntu4.debian.tar.gz
Files:
11d8583d8aed375b544790d6c53a90bb 2391 utils optional openssl_1.0.1c-4ubuntu4.dsc
75c81279224918b0c49e22a93b6489e7 121998 utils optional openssl_1.0.1c-4ubuntu4.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJRJMhnAAoJEGVp2FWnRL6TsG0P/1rAi+Vjly+nF1p1k+kbHlJg
A+oJLkojL77Iv0wrAaFfm7BJTCvtwzlqd7SXCwJqpnnOXHxRQYrrghmVdNXwdaSD
mZ4R09WtxYGNxez+W5h0JN0dXTT9FKPS5u/LSXNK1YE6YyQ3qt5u8puHNS41ievV
K4JWE45jGtCEoOgnWYiK0MEwklDDxCe2rUTv5MBHfzYPV7J6d7Yc1hBv+rJrm5mi
IPePekPfbC0UP2hr9CFjnfTD6zvnywX7pG3wzXgwTQY9r//wRCD0KO4q+hrt9Iwh
Uste20e8sLT7LpriCjG85JVBFVU96BfrIAK0vK3u7K5TLrh+k0w1qkMQKdjLg0L3
XxAYqboQ8a27laQwDQdVkp3yyoNO4SGvXq2sZcJPjRWC/ldRfYPSncIF0smRNGFP
1pjKnEFZpgy8tpDPCX33ifZoF2sSv1mMMzFJNx4eR8x7WspBaSSzsq3muiKDgznG
SUqfg0TWuSiuPaevwxVYs9Q/NBM/VCVOYRry9rw59NxWN8HMEpkaWNQ1gRXc2nkb
az18MWZSjRmAFQ6hEYWzAyUx9UXnfmORQRLT0gH6oW4NVpk0absa/l7pf0XbRdO6
8UNrGPDwC85r4BxXzEKa9c33edlQFWEAxWL85tteQlwqBQijaTNd7rxhOjRJK4+b
E9rJOIzwAtrmX/yx+5Uw
=xBu/
-----END PGP SIGNATURE-----
More information about the Raring-changes
mailing list