-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 1 Oct 2003 08:54:27 +0200 Source: openssl Binary: libssl0.9.7 libssl-dev openssl Architecture: source i386 Version: 0.9.7c-1 Distribution: unstable Urgency: high Maintainer: Christoph Martin <[EMAIL PROTECTED]> Changed-By: Christoph Martin <[EMAIL PROTECTED]> Description: libssl-dev - SSL development libraries, header files and documentation libssl0.9.7 - SSL shared libraries openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Closes: 190026 198594 200381 213451 Changes: openssl (0.9.7c-1) unstable; urgency=high . * upstream security fix (closes: #213451) - Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. * more minor upstream bugfixes * fix formatting in c_issuer (closes: #190026) * fix Debian-FreeBSD support (closes: #200381) * restart some services in postinst to make them use the new libraries * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594) Files: 3ed9ddeab2549c9791e2d3884fd7caca 617 utils optional openssl_0.9.7c-1.dsc a1112797461c33b71b6a6d7ea9c4bc71 2792439 utils optional openssl_0.9.7c.orig.tar.gz ec9fdf5c1f24c95f5730df484b34e5ef 19688 utils optional openssl_0.9.7c-1.diff.gz b97c3e7abc8f687a5216619302849717 873786 utils optional openssl_0.9.7c-1_i386.deb 1780d2c9f50117e0ec5eb2234fbc3106 2006688 libs standard libssl0.9.7_0.9.7c-1_i386.deb 43a45c667db24f0db13c0d12a4793edd 1722350 libdevel optional libssl-dev_0.9.7c-1_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/eoeRgeVih7XOVJcRAn0XAKCFf1S54CHfpDQPP187fBmqzA7yOgCaAt0P g5G/LJij9lN31qEDHKS38Cw= =RF9H -----END PGP SIGNATURE----- Accepted: libssl-dev_0.9.7c-1_i386.deb to pool/main/o/openssl/libssl-dev_0.9.7c-1_i386.deb libssl0.9.7_0.9.7c-1_i386.deb to pool/main/o/openssl/libssl0.9.7_0.9.7c-1_i386.deb openssl_0.9.7c-1.diff.gz to pool/main/o/openssl/openssl_0.9.7c-1.diff.gz openssl_0.9.7c-1.dsc to pool/main/o/openssl/openssl_0.9.7c-1.dsc openssl_0.9.7c-1_i386.deb to pool/main/o/openssl/openssl_0.9.7c-1_i386.deb openssl_0.9.7c.orig.tar.gz to pool/main/o/openssl/openssl_0.9.7c.orig.tar.gz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]