openssl097 0.9.7g-5ubuntu1.1 source package in Ubuntu

Changelog

openssl097 (0.9.7g-5ubuntu1.1) dapper-security; urgency=low

  * SECURITY UPDATE: Multiple vulnerabilities.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent
      applications from incorrectly verifying the certificate. [CVE-2006-4339]
    - http://www.openssl.org/news/secadv_20060905.txt
  * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
    an infinite loop in some circumstances. [CVE-2006-2937]
  * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
    handle invalid long cipher list strings. [CVE-2006-3738]
  * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
    avoid client crash with malicious server responses. [CVE-2006-4343]
  * Certain types of public key could take disproportionate amounts of time to
    process. Apply patch from Bodo Moeller to impose limits to public key type
    values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]

 -- Martin Pitt <email address hidden>   Wed,  4 Oct 2006 10:02:28 +0200