-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 21 Feb 2003 22:39:40 +0100 Source: openssl Binary: libssl0.9.7 libssl-dev openssl Architecture: source i386 Version: 0.9.7a-1 Distribution: unstable Urgency: high Maintainer: Christoph Martin <[EMAIL PROTECTED]> Changed-By: Christoph Martin <[EMAIL PROTECTED]> Description: libssl-dev - SSL development libraries, header files and documentation libssl0.9.7 - SSL shared libraries openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Changes: openssl (0.9.7a-1) unstable; urgency=high . * upstream Security fix - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) for more details see the CHANGES file Files: 6bd2ee3c6d819b6be25e470abd795b9d 606 utils optional openssl_0.9.7a-1.dsc f4304136eb0ba49962df4868d70c48d4 2777602 utils optional openssl_0.9.7a.orig.tar.gz 3b21612fdf6f57667ddc455afed647b1 17640 utils optional openssl_0.9.7a-1.diff.gz 7360ebd5b91f311dd6ee04ffc6d0ae9f 874706 utils optional openssl_0.9.7a-1_i386.deb 625fbc3e69190afb23e3272ff5128857 1997538 libs standard libssl0.9.7_0.9.7a-1_i386.deb 45205909a24a858eff1a03209eabbcf6 1728334 devel optional libssl-dev_0.9.7a-1_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+Vqs6geVih7XOVJcRAlTrAJ9BFEx/jaMim8copTgyOVnTDpii+gCfZjzM d+1TMJI3DKDu3d5yLlQump0= =5bAL -----END PGP SIGNATURE----- Accepted: libssl-dev_0.9.7a-1_i386.deb to pool/main/o/openssl/libssl-dev_0.9.7a-1_i386.deb libssl0.9.7_0.9.7a-1_i386.deb to pool/main/o/openssl/libssl0.9.7_0.9.7a-1_i386.deb openssl_0.9.7a-1.diff.gz to pool/main/o/openssl/openssl_0.9.7a-1.diff.gz openssl_0.9.7a-1.dsc to pool/main/o/openssl/openssl_0.9.7a-1.dsc openssl_0.9.7a-1_i386.deb to pool/main/o/openssl/openssl_0.9.7a-1_i386.deb openssl_0.9.7a.orig.tar.gz to pool/main/o/openssl/openssl_0.9.7a.orig.tar.gz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]