Please merge openssl_0.9.8g-15(main) from debian unstable

Bug #314984 reported by Bhavani Shankar on 2009-01-08
2
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: openssl

Debian has a new version to be merged.

openssl (0.9.8g-15) unstable; urgency=low

  * Internal calls to didn't properly check for errors which
    resulted in malformed DSA and ECDSA signatures being treated as
    a good signature rather than as an error. (CVE-2008-5077)
  * ipv6_from_asc() could write 1 byte longer than the buffer in case
    the ipv6 address didn't have "::" part. (Closes: #506111)

 -- Kurt Roeckx <email address hidden> Mon, 05 Jan 2009 21:14:31 +0100

Related branches

CVE References

Bhavani Shankar (bhavi) wrote :
Changed in openssl:
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8g-15ubuntu1

---------------
openssl (0.9.8g-15ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes: LP: #314984
    - Link using -Bsymbolic-functions
    - Add support for lpia
    - Disable SSLv2 during compile
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.

openssl (0.9.8g-15) unstable; urgency=low

  * Internal calls to didn't properly check for errors which
    resulted in malformed DSA and ECDSA signatures being treated as
    a good signature rather than as an error. (CVE-2008-5077)
  * ipv6_from_asc() could write 1 byte longer than the buffer in case
    the ipv6 address didn't have "::" part. (Closes: #506111)

 -- Bhavani Shankar <email address hidden> Thu, 08 Jan 2009 12:38:06 +0530

Changed in openssl:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers