-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 16 Apr 2003 11:59:47 +0200
Source: openssl096
Binary: libssl0.9.6
Architecture: source i386
Version: 0.9.6j-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
 libssl0.9.6 - SSL shared libraries (old version)
Closes: 189087
Changes:
 openssl096 (0.9.6j-1) unstable; urgency=high
 .
   * upstream security fix
     - Countermeasure against the Klima-Pokorny-Rosa extension of
       Bleichenbacher's attack on PKCS #1 v1.5 padding: treat
       a protocol version number mismatch like a decryption error
       in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
       (closes: #189087)
     - Turn on RSA blinding by default in the default implementation
       to avoid a timing attack. Applications that don't want it can call
       RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
       They would be ill-advised to do so in most cases. (CAN-2003-0147)
     - Change RSA blinding code so that it works when the PRNG is not
       seeded (in this case, the secret RSA exponent is abused as
       an unpredictable seed -- if it is not unpredictable, there
       is no point in blinding anyway).  Make RSA blinding thread-safe
       by remembering the creator's thread ID in rsa->blinding and
       having all other threads use local one-time blinding factors
       (this requires more computation than sharing rsa->blinding, but
       avoids excessive locking; and if an RSA object is not shared
       between threads, blinding will still be very fast).
Files:
 fe6522a304f19c69cbd201e6e17bb77e 594 utils optional openssl096_0.9.6j-1.dsc
 026353f8dc85d95ec382daf724157e0b 2185159 utils optional openssl096_0.9.6j.orig.tar.gz
 7297e90d0cff6fd576c72e91e0da290d 17952 utils optional openssl096_0.9.6j-1.diff.gz
 873a582e0bf89756d6922e87cca36af0 1633212 oldlibs standard libssl0.9.6_0.9.6j-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE+nUJHgeVih7XOVJcRAhVmAJ0a0eJGx5D1kAfqLH799REBAkBIdgCfaRMr
znfD/9MQLH6GhrpO/l7ZiAI=
=iEqf
-----END PGP SIGNATURE-----


Accepted:
libssl0.9.6_0.9.6j-1_i386.deb
  to pool/main/o/openssl096/libssl0.9.6_0.9.6j-1_i386.deb
openssl096_0.9.6j-1.diff.gz
  to pool/main/o/openssl096/openssl096_0.9.6j-1.diff.gz
openssl096_0.9.6j-1.dsc
  to pool/main/o/openssl096/openssl096_0.9.6j-1.dsc
openssl096_0.9.6j.orig.tar.gz
  to pool/main/o/openssl096/openssl096_0.9.6j.orig.tar.gz
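
The first changelog item above (CAN-2003-0131), sketched as an added illustration that is not OpenSSL's or Debian's code: a server-side helper in which bad padding, a wrong length and a protocol version mismatch all end in the same outcome, a random pre-master secret, so the handshake only fails later and the peer cannot tell the cases apart. The names `select_premaster`, `eq_mask` and `PMS_LEN` are hypothetical, and the caller is assumed to supply fresh random fallback bytes drawn before decryption.

```c
#include <stdio.h>
#include <string.h>

#define PMS_LEN 48  /* RSA pre-master secret: 2 version bytes + 46 random */

/* 0xFF if a == b, 0x00 otherwise, computed without a data-dependent branch. */
static unsigned char eq_mask(unsigned a, unsigned b)
{
    unsigned x = a ^ b;                        /* 0 iff equal */
    x = (x | (0u - x)) >> (sizeof x * 8 - 1);  /* 1 iff different */
    return (unsigned char)(x - 1u);
}

/*
 * dec/dec_len: result of the PKCS #1 v1.5 decryption (dec_len < 0 on failure).
 * client_version: version the client offered, e.g. 0x0301.
 * out always receives a usable PMS_LEN-byte secret. Returns 1 if the client's
 * value was kept, 0 if it was replaced by fallback; the caller must not turn
 * that result into a distinct alert or any other peer-visible difference.
 */
int select_premaster(const unsigned char *dec, int dec_len,
                     unsigned client_version,
                     const unsigned char fallback[PMS_LEN],
                     unsigned char out[PMS_LEN])
{
    unsigned char buf[PMS_LEN] = {0}, good;
    int i;

    if (dec != NULL && dec_len == PMS_LEN)
        memcpy(buf, dec, PMS_LEN);
    good  = eq_mask((unsigned)dec_len, PMS_LEN);
    good &= eq_mask(buf[0], (client_version >> 8) & 0xff);  /* version check */
    good &= eq_mask(buf[1], client_version & 0xff);
    for (i = 0; i < PMS_LEN; i++)   /* keep buf if good, else take fallback */
        out[i] = (unsigned char)((buf[i] & good) | (fallback[i] & ~good));
    return good & 1;
}

int main(void)
{
    unsigned char dec[PMS_LEN], fb[PMS_LEN], out[PMS_LEN];
    memset(dec, 0x11, PMS_LEN); dec[0] = 0x03; dec[1] = 0x01; /* constructed */
    memset(fb, 0xAA, PMS_LEN);          /* constructed stand-in for RNG output */
    printf("match: %d\n", select_premaster(dec, PMS_LEN, 0x0301, fb, out));
    printf("version mismatch: %d\n", select_premaster(dec, PMS_LEN, 0x0300, fb, out));
    printf("padding failure: %d\n", select_premaster(NULL, -1, 0x0301, fb, out));
    return 0;
}
```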