Format: 1.7
Date: Tue, 4 Apr 2006 10:39:20 +0200
Source: openssl097
Binary: libssl0.9.7-dbg libssl0.9.7
Architecture: source i386
Version: 0.9.7i-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
 libssl0.9.7 - SSL shared libraries
 libssl0.9.7-dbg - Symbol tables for libssl and libcrypt
Changes:
 openssl097 (0.9.7i-1) unstable; urgency=high
 .
   * New upstream release
   * Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of
     SSL_OP_ALL). This option used to disable the countermeasure against
     man-in-the-middle protocol-version rollback in the SSL 2.0 server
     implementation, which is a bad idea. (CAN-2005-2969)
   * For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform the
     exponentiation using a fixed-length exponent. (Otherwise, the
     information leaked through timing could expose the secret key after
     many signatures; cf. Bleichenbacher's attack on DSA with biased k.)
   * Make a new fixed-window mod_exp implementation the default for RSA,
     DSA, and DH private-key operations so that the sequence of squares
     and multiplies and the memory access pattern are independent of the
     particular secret key. This will mitigate cache-timing and potential
     related attacks.
   * Change the client implementation for SSLv23_method() and
     SSLv23_client_method() so that it uses the SSL 3.0/TLS 1.0 Client
     Hello message format if the SSL_OP_NO_SSLv2 option is set.
     (Previously, the SSL 2.0 backwards compatible Client Hello message
     format would be used even with SSL_OP_NO_SSLv2.)
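The fixed-window mod_exp change above is easier to see in a reduced form. The following is an added illustration, not code from the page or from OpenSSL: a 64-bit fixed-window modular exponentiation with a 4-bit window, a fixed 64-bit exponent length and a masked table read, so the number and order of squarings and multiplies and the table accesses do not depend on the exponent. It assumes a GCC/Clang `unsigned __int128`, and the `%` in `mulmod` is itself not constant-time; only the operation sequence and access pattern are being demonstrated.

```c
#include <stdint.h>
#include <stddef.h>

static size_t g_mul_calls;  /* instrumentation: shows the op count is exponent-independent */

/* 64-bit modular multiply. The '%' is not constant-time; the example only
 * demonstrates the square/multiply sequence and the table access pattern. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    g_mul_calls++;
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Constant-time table read: every entry is touched, and the wanted one is
 * selected with an arithmetic mask instead of a secret-dependent index. */
static uint64_t ct_select(const uint64_t *tbl, size_t n, size_t idx) {
    uint64_t r = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t d = (uint64_t)i ^ (uint64_t)idx;   /* 0 iff i == idx */
        uint64_t nz = (d | (0 - d)) >> 63;          /* 1 iff d != 0 */
        uint64_t mask = 0 - (nz ^ 1);               /* all ones iff i == idx */
        r |= tbl[i] & mask;
    }
    return r;
}

/* Fixed-window exponentiation. The exponent is treated as exactly 64 bits,
 * so every call does 16 windows of 4 squarings plus 1 multiply; the multiply
 * also happens for an all-zero window because tbl[0] == 1. */
uint64_t modexp_fixed_window(uint64_t base, uint64_t exp, uint64_t m) {
    enum { W = 4, TBL = 1 << W, NWIN = 64 / W };
    uint64_t tbl[TBL];
    tbl[0] = 1 % m;
    for (size_t i = 1; i < TBL; i++) tbl[i] = mulmod(tbl[i - 1], base, m);
    uint64_t r = 1 % m;
    for (int win = NWIN - 1; win >= 0; win--) {
        for (int s = 0; s < W; s++) r = mulmod(r, r, m);
        size_t digit = (size_t)((exp >> (win * W)) & (TBL - 1));
        r = mulmod(r, ct_select(tbl, TBL, digit), m);
    }
    return r;
}

/* Number of mulmod calls one exponentiation performs: 15 for the table
 * plus 16 * 5 for the windows, whatever the exponent's bits are. */
size_t modexp_fixed_window_ops(uint64_t base, uint64_t exp, uint64_t m) {
    g_mul_calls = 0;
    (void)modexp_fixed_window(base, exp, m);
    return g_mul_calls;
}
```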
Files:
 31f775b439e34e59329798f8abfa9c03 1047 utils optional openssl097_0.9.7i-1.dsc
 f69d82b206ff8bff9d0e721f97380b9e 3280907 utils optional openssl097_0.9.7i.orig.tar.gz
 01a3ad5031c7b827b1cfa264e14bfb3f 37410 utils optional openssl097_0.9.7i-1.diff.gz
 3234adb7f6810c1e9783f997e5a98b8e 2282354 oldlibs important libssl0.9.7_0.9.7i-1_i386.deb
 8463c6c6b3efe38345db4f25959ad18f 4281198 libdevel extra libssl0.9.7-dbg_0.9.7i-1_i386.deb

Accepted:
libssl0.9.7-dbg_0.9.7i-1_i386.deb
  to pool/main/o/openssl097/libssl0.9.7-dbg_0.9.7i-1_i386.deb
libssl0.9.7_0.9.7i-1_i386.deb
  to pool/main/o/openssl097/libssl0.9.7_0.9.7i-1_i386.deb
openssl097_0.9.7i-1.diff.gz
  to pool/main/o/openssl097/openssl097_0.9.7i-1.diff.gz
openssl097_0.9.7i-1.dsc
  to pool/main/o/openssl097/openssl097_0.9.7i-1.dsc
openssl097_0.9.7i.orig.tar.gz
  to pool/main/o/openssl097/openssl097_0.9.7i.orig.tar.gz