This bug was fixed in the package openssl - 0.9.8g-15ubuntu1
---------------
openssl (0.9.8g-15ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes: LP: #314984
- Link using -Bsymbolic-functions
- Add support for lpia
- Disable SSLv2 during compile
- Ship documentation in openssl-doc, suggested by the package.
- Use a different priority for libssl0.9.8/restart-services
depending on whether a desktop, or server dist-upgrade is being
performed.
- Display a system restart required notification bubble on libssl0.9.8
upgrade.
- Replace duplicate files in the doc directory with symlinks.
openssl (0.9.8g-15) unstable; urgency=low
* Internal calls to didn't properly check for errors which
resulted in malformed DSA and ECDSA signatures being treated as
a good signature rather than as an error. (CVE-2008-5077)
* ipv6_from_asc() could write 1 byte longer than the buffer in case
the ipv6 address didn't have "::" part. (Closes: #506111)
-- Bhavani Shankar <right2bh...@gmail.com> Thu, 08 Jan 2009 12:38:06
+0530
** Changed in: openssl (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5077
--
Please merge openssl_0.9.8g-15(main) from debian unstable
https://bugs.launchpad.net/bugs/314984
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
