Accepted openssl097 0.9.7i-1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 4 Apr 2006 10:39:20 +0200
Source: openssl097
Binary: libssl0.9.7-dbg libssl0.9.7
Architecture: source i386
Version: 0.9.7i-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
libssl0.9.7 - SSL shared libraries
libssl0.9.7-dbg - Symbol tables for libssl and libcrypt
Changes:
openssl097 (0.9.7i-1) unstable; urgency=high
.
* New upstream release
* Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
(part of SSL_OP_ALL). This option used to disable the
countermeasure against man-in-the-middle protocol-version
rollback in the SSL 2.0 server implementation, which is a bad
idea. (CAN-2005-2969)
* For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
the exponentiation using a fixed-length exponent. (Otherwise,
the information leaked through timing could expose the secret key
after many signatures; cf. Bleichenbacher's attack on DSA with
biased k.)
* Make a new fixed-window mod_exp implementation the default for
RSA, DSA, and DH private-key operations so that the sequence of
squares and multiplies and the memory access pattern are
independent of the particular secret key. This will mitigate
cache-timing and potential related attacks.
* Change the client implementation for SSLv23_method() and
SSLv23_client_method() so that it uses the SSL 3.0/TLS 1.0
Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
(Previously, the SSL 2.0 backwards compatible Client Hello
message format would be used even with SSL_OP_NO_SSLv2.)
Files:
31f775b439e34e59329798f8abfa9c03 1047 utils optional openssl097_0.9.7i-1.dsc
f69d82b206ff8bff9d0e721f97380b9e 3280907 utils optional openssl097_0.9.7i.orig.tar.gz
01a3ad5031c7b827b1cfa264e14bfb3f 37410 utils optional openssl097_0.9.7i-1.diff.gz
3234adb7f6810c1e9783f997e5a98b8e 2282354 oldlibs important libssl0.9.7_0.9.7i-1_i386.deb
8463c6c6b3efe38345db4f25959ad18f 4281198 libdevel extra libssl0.9.7-dbg_0.9.7i-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----
Accepted:
libssl0.9.7-dbg_0.9.7i-1_i386.deb
to pool/main/o/openssl097/libssl0.9.7-dbg_0.9.7i-1_i386.deb
libssl0.9.7_0.9.7i-1_i386.deb
to pool/main/o/openssl097/libssl0.9.7_0.9.7i-1_i386.deb
openssl097_0.9.7i-1.diff.gz
to pool/main/o/openssl097/openssl097_0.9.7i-1.diff.gz
openssl097_0.9.7i-1.dsc
to pool/main/o/openssl097/openssl097_0.9.7i-1.dsc
openssl097_0.9.7i.orig.tar.gz
to pool/main/o/openssl097/openssl097_0.9.7i.orig.tar.gz