Accepted openssl 0.9.7a-1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 21 Feb 2003 22:39:40 +0100
Source: openssl
Binary: libssl0.9.7 libssl-dev openssl
Architecture: source i386
Version: 0.9.7a-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.7 - SSL shared libraries
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes:
openssl (0.9.7a-1) unstable; urgency=high
.
* upstream Security fix
- In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
via timing by performing a MAC computation even if incorrrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
for more details see the CHANGES file
Files:
6bd2ee3c6d819b6be25e470abd795b9d 606 utils optional openssl_0.9.7a-1.dsc
f4304136eb0ba49962df4868d70c48d4 2777602 utils optional openssl_0.9.7a.orig.tar.gz
3b21612fdf6f57667ddc455afed647b1 17640 utils optional openssl_0.9.7a-1.diff.gz
7360ebd5b91f311dd6ee04ffc6d0ae9f 874706 utils optional openssl_0.9.7a-1_i386.deb
625fbc3e69190afb23e3272ff5128857 1997538 libs standard libssl0.9.7_0.9.7a-1_i386.deb
45205909a24a858eff1a03209eabbcf6 1728334 devel optional libssl-dev_0.9.7a-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE+Vqs6geVih7XOVJcRAlTrAJ9BFEx/jaMim8copTgyOVnTDpii+gCfZjzM
d+1TMJI3DKDu3d5yLlQump0=
=5bAL
-----END PGP SIGNATURE-----
Accepted:
libssl-dev_0.9.7a-1_i386.deb
to pool/main/o/openssl/libssl-dev_0.9.7a-1_i386.deb
libssl0.9.7_0.9.7a-1_i386.deb
to pool/main/o/openssl/libssl0.9.7_0.9.7a-1_i386.deb
openssl_0.9.7a-1.diff.gz
to pool/main/o/openssl/openssl_0.9.7a-1.diff.gz
openssl_0.9.7a-1.dsc
to pool/main/o/openssl/openssl_0.9.7a-1.dsc
openssl_0.9.7a-1_i386.deb
to pool/main/o/openssl/openssl_0.9.7a-1_i386.deb
openssl_0.9.7a.orig.tar.gz
to pool/main/o/openssl/openssl_0.9.7a.orig.tar.gz
Reply to: