
Accepted openssl096 0.9.6j-1 (i386 source)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 16 Apr 2003 11:59:47 +0200
Source: openssl096
Binary: libssl0.9.6
Architecture: source i386
Version: 0.9.6j-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description: 
 libssl0.9.6 - SSL shared libraries (old version)
Closes: 189087
Changes: 
 openssl096 (0.9.6j-1) unstable; urgency=high
 .
   * upstream security fix
    - Countermeasure against the Klima-Pokorny-Rosa extension of
      Bleichenbacher's attack on PKCS #1 v1.5 padding: treat
      a protocol version number mismatch like a decryption error
      in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
     (closes: #189087)
    - Turn on RSA blinding by default in the default implementation
      to avoid a timing attack. Applications that don't want it can call
      RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
      They would be ill-advised to do so in most cases. (CAN-2003-0147)
    - Change RSA blinding code so that it works when the PRNG is not
      seeded (in this case, the secret RSA exponent is abused as
      an unpredictable seed -- if it is not unpredictable, there
      is no point in blinding anyway).  Make RSA blinding thread-safe
      by remembering the creator's thread ID in rsa->blinding and
      having all other threads use local one-time blinding factors
      (this requires more computation than sharing rsa->blinding, but
      avoids excessive locking; and if an RSA object is not shared
      between threads, blinding will still be very fast).
Files: 
 fe6522a304f19c69cbd201e6e17bb77e 594 utils optional openssl096_0.9.6j-1.dsc
 026353f8dc85d95ec382daf724157e0b 2185159 utils optional openssl096_0.9.6j.orig.tar.gz
 7297e90d0cff6fd576c72e91e0da290d 17952 utils optional openssl096_0.9.6j-1.diff.gz
 873a582e0bf89756d6922e87cca36af0 1633212 oldlibs standard libssl0.9.6_0.9.6j-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE+nUJHgeVih7XOVJcRAhVmAJ0a0eJGx5D1kAfqLH799REBAkBIdgCfaRMr
znfD/9MQLH6GhrpO/l7ZiAI=
=iEqf
-----END PGP SIGNATURE-----


Accepted:
libssl0.9.6_0.9.6j-1_i386.deb
  to pool/main/o/openssl096/libssl0.9.6_0.9.6j-1_i386.deb
openssl096_0.9.6j-1.diff.gz
  to pool/main/o/openssl096/openssl096_0.9.6j-1.diff.gz
openssl096_0.9.6j-1.dsc
  to pool/main/o/openssl096/openssl096_0.9.6j-1.dsc
openssl096_0.9.6j.orig.tar.gz
  to pool/main/o/openssl096/openssl096_0.9.6j.orig.tar.gz
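
The first changelog item above (CAN-2003-0131), sketched as an added example that is not code from OpenSSL or from this package: a version mismatch in the decrypted premaster secret takes the same path as a padding failure. It assumes a decryption error is handled by continuing the handshake with a random premaster secret (RFC 2246, section 7.4.7.1); finalize_premaster, ct_eq and demo_case are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48  /* RSA premaster secret: 2 version bytes + 46 random bytes */

/* Returns 0xFF if a == b, 0x00 otherwise, without branching on the values. */
static uint8_t ct_eq(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    return (uint8_t)(((x | (0u - x)) >> 31) - 1u);
}

/*
 * buf:            RSA decryption output (contents unspecified on failure)
 * decrypt_len:    length reported by the decryption, negative on padding error
 * client_version: version the client sent in ClientHello, e.g. 0x0301
 * fallback:       PMS_LEN fresh CSPRNG bytes, generated before decrypting
 * Returns 1 if the fallback was substituted. The return value exists for
 * testing only; a server must not branch or alert on it.
 */
int finalize_premaster(unsigned char buf[PMS_LEN], int decrypt_len,
                       unsigned client_version,
                       const unsigned char fallback[PMS_LEN])
{
    /* Padding/length failure and version mismatch fold into one flag. */
    uint8_t ok = ct_eq((uint32_t)decrypt_len, PMS_LEN);
    ok &= ct_eq(buf[0], (client_version >> 8) & 0xff);
    ok &= ct_eq(buf[1], client_version & 0xff);
    /* Masked select: every byte is touched the same way in both outcomes. */
    for (size_t i = 0; i < PMS_LEN; i++)
        buf[i] = (buf[i] & ok) | (fallback[i] & (uint8_t)~ok);
    return ok == 0;
}

/* Constructed sample: run one case against a ClientHello version of 0x0301.
 * Returns 0 if the decrypted secret was kept, 1 if buf now equals fallback. */
int demo_case(int decrypt_len, unsigned wire_version)
{
    unsigned char buf[PMS_LEN], fallback[PMS_LEN];
    memset(buf, 0xAA, sizeof buf);
    memset(fallback, 0x55, sizeof fallback);  /* stand-in for CSPRNG output */
    buf[0] = (unsigned char)(wire_version >> 8);
    buf[1] = (unsigned char)(wire_version & 0xff);
    finalize_premaster(buf, decrypt_len, 0x0301, fallback);
    return memcmp(buf, fallback, PMS_LEN) == 0;
}
```

With the substitution in place, both failure kinds surface only later as a Finished-message mismatch, so the peer cannot tell which check failed.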


