Accepted openssl096 0.9.6k-1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 1 Oct 2003 10:27:33 +0200
Source: openssl096
Binary: libssl0.9.6
Architecture: source i386
Version: 0.9.6k-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
libssl0.9.6 - SSL shared libraries (old version)
Closes: 213451
Changes:
openssl096 (0.9.6k-1) unstable; urgency=high
.
* upstream security fix (closes: #213451)
- Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
- In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
* more minor upstream bugfixes
Files:
92e054844aafe23d5840f927bd4f445f 605 utils optional openssl096_0.9.6k-1.dsc
e6317354ddfe00c395bc075fd7f47dd7 2185928 utils optional openssl096_0.9.6k.orig.tar.gz
2b3d2df9bcd7a8e822c034d8626a3166 18102 utils optional openssl096_0.9.6k-1.diff.gz
f4e84799c0e81e1b758fa5fdaeee00cc 1633610 oldlibs standard libssl0.9.6_0.9.6k-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/etLCgeVih7XOVJcRAnEhAJ47LJrizM1ZBL8Ol61DFHue3XCIdwCgjB9G
o/cLiX3qoiDy3mq06a5u7zU=
=+EBB
-----END PGP SIGNATURE-----
Accepted:
libssl0.9.6_0.9.6k-1_i386.deb
to pool/main/o/openssl096/libssl0.9.6_0.9.6k-1_i386.deb
openssl096_0.9.6k-1.diff.gz
to pool/main/o/openssl096/openssl096_0.9.6k-1.diff.gz
openssl096_0.9.6k-1.dsc
to pool/main/o/openssl096/openssl096_0.9.6k-1.dsc
openssl096_0.9.6k.orig.tar.gz
to pool/main/o/openssl096/openssl096_0.9.6k.orig.tar.gz
Reply to: