-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 1 Oct 2003 10:27:33 +0200
Source: openssl096
Binary: libssl0.9.6
Architecture: source i386
Version: 0.9.6k-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
 libssl0.9.6 - SSL shared libraries (old version)
Closes: 213451
Changes:
 openssl096 (0.9.6k-1) unstable; urgency=high
 .
   * upstream security fix (closes: #213451)
     - Fix various bugs revealed by running the NISCC test suite:
       Stop out of bounds reads in the ASN1 code when presented with
       invalid tags (CAN-2003-0543 and CAN-2003-0544).
       If verify callback ignores invalid public key errors don't try to
       check certificate signature with the NULL public key.
     - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
       if the server requested one: as stated in TLS 1.0 and SSL 3.0
       specifications.
   * more minor upstream bugfixes
Files:
 92e054844aafe23d5840f927bd4f445f 605 utils optional openssl096_0.9.6k-1.dsc
 e6317354ddfe00c395bc075fd7f47dd7 2185928 utils optional openssl096_0.9.6k.orig.tar.gz
 2b3d2df9bcd7a8e822c034d8626a3166 18102 utils optional openssl096_0.9.6k-1.diff.gz
 f4e84799c0e81e1b758fa5fdaeee00cc 1633610 oldlibs standard libssl0.9.6_0.9.6k-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/etLCgeVih7XOVJcRAnEhAJ47LJrizM1ZBL8Ol61DFHue3XCIdwCgjB9G
o/cLiX3qoiDy3mq06a5u7zU=
=+EBB
-----END PGP SIGNATURE-----


Accepted:
libssl0.9.6_0.9.6k-1_i386.deb
  to pool/main/o/openssl096/libssl0.9.6_0.9.6k-1_i386.deb
openssl096_0.9.6k-1.diff.gz
  to pool/main/o/openssl096/openssl096_0.9.6k-1.diff.gz
openssl096_0.9.6k-1.dsc
  to pool/main/o/openssl096/openssl096_0.9.6k-1.dsc
openssl096_0.9.6k.orig.tar.gz
  to pool/main/o/openssl096/openssl096_0.9.6k.orig.tar.gz