Format: 1.7
Date: Fri, 21 Feb 2003 22:39:25 +0100
Source: openssl096
Binary: libssl0.9.6
Architecture: source i386
Version: 0.9.6i-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
 libssl0.9.6 - SSL shared libraries (old version)
Changes:
 openssl096 (0.9.6i-1) unstable; urgency=high
 .
   * new upstream security fix
     In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
     via timing by performing a MAC computation even if incorrect
     block cipher padding has been found. This is a countermeasure
     against active attacks where the attacker has to distinguish
     between bad padding and a MAC verification error. (CAN-2003-0078)
Files:
 d44cd79246f637a3e5bdbab7d5172249 594 utils optional openssl096_0.9.6i-1.dsc
 61efe3cae04952bd2028144e8a763162 2182660 utils optional openssl096_0.9.6i.orig.tar.gz
 c75c2060d54046623cee70d77ca5f5a9 17412 utils optional openssl096_0.9.6i-1.diff.gz
 2be197391a5c9e506f1d7b7b4b1fe828 1628532 oldlibs standard libssl0.9.6_0.9.6i-1_i386.deb

Accepted:
libssl0.9.6_0.9.6i-1_i386.deb
  to pool/main/o/openssl096/libssl0.9.6_0.9.6i-1_i386.deb
openssl096_0.9.6i-1.diff.gz
  to pool/main/o/openssl096/openssl096_0.9.6i-1.diff.gz
openssl096_0.9.6i-1.dsc
  to pool/main/o/openssl096/openssl096_0.9.6i-1.dsc
openssl096_0.9.6i.orig.tar.gz
  to pool/main/o/openssl096/openssl096_0.9.6i.orig.tar.gz
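
The countermeasure described in the changelog entry above, as an added Python sketch (not code from OpenSSL or from the Debian package): a record check that stops at bad padding, next to one that always computes the MAC and reports a single alert. Assumptions: TLS-style padding, HMAC-SHA1 over the payload only, hypothetical function names, and a constructed sample record.

```python
import hashlib
import hmac

MAC_LEN = 20  # HMAC-SHA1 tag length (assumed MAC for this sketch)

def padding_len(plain: bytes) -> int:
    """Bytes of padding including the length byte, or -1 if malformed.
    Assumed TLS-style rule: last byte n is preceded by n bytes of value n."""
    if len(plain) <= MAC_LEN:
        return -1
    n = plain[-1]
    if n + 1 + MAC_LEN > len(plain) or plain[-(n + 1):] != bytes([n]) * (n + 1):
        return -1
    return n + 1

def _mac_ok(key: bytes, body: bytes) -> bool:
    # body is data || tag; compare in constant time
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha1).digest(), tag)

def check_early_exit(key: bytes, plain: bytes):
    """Pre-fix pattern. Returns (alert, mac_was_computed)."""
    pad = padding_len(plain)
    if pad < 0:
        return ("decryption_failed", False)  # distinct alert, no MAC time spent
    return ("ok" if _mac_ok(key, plain[:-pad]) else "bad_record_mac", True)

def check_uniform(key: bytes, plain: bytes):
    """Countermeasure: MAC is always computed, one alert for both failures."""
    pad = padding_len(plain)
    body = plain[:-pad] if pad > 0 else plain[:-1]  # bad padding: assume zero pad bytes
    mac_ok = _mac_ok(key, body)                     # runs regardless of padding verdict
    return ("ok" if (mac_ok and pad > 0) else "bad_record_mac", True)

def build_record(key: bytes, data: bytes, block: int = 8) -> bytes:
    """Constructed sample: data || MAC || padding, as seen after CBC decryption."""
    n = -(len(data) + MAC_LEN + 1) % block
    return data + hmac.new(key, data, hashlib.sha1).digest() + bytes([n]) * (n + 1)

if __name__ == "__main__":
    key = b"k" * 16                                  # constructed key
    good = build_record(key, b"GET / HTTP/1.0\r\n")
    bad_pad = good[:-2] + b"\x00" + good[-1:]        # corrupt one padding byte
    bad_mac = bytes([good[0] ^ 1]) + good[1:]        # corrupt one payload byte
    for name, rec in (("good", good), ("bad_pad", bad_pad), ("bad_mac", bad_mac)):
        print(name, check_early_exit(key, rec), check_uniform(key, rec))
```

The MAC input length still depends on the padding verdict, so this narrows the timing difference rather than eliminating it, which matches the changelog's wording of "minimize".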