Comment 2 for bug 314984

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8g-15ubuntu1

---------------
openssl (0.9.8g-15ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes: LP: #314984
    - Link using -Bsymbolic-functions
    - Add support for lpia
    - Disable SSLv2 during compile
    - Ship documentation in openssl-doc, suggested by the package.
    - Use a different priority for libssl0.9.8/restart-services
      depending on whether a desktop, or server dist-upgrade is being
      performed.
    - Display a system restart required notification bubble on libssl0.9.8
      upgrade.
    - Replace duplicate files in the doc directory with symlinks.

openssl (0.9.8g-15) unstable; urgency=low

  * Internal calls to didn't properly check for errors which
    resulted in malformed DSA and ECDSA signatures being treated as
    a good signature rather than as an error. (CVE-2008-5077)
  * ipv6_from_asc() could write 1 byte longer than the buffer in case
    the ipv6 address didn't have "::" part. (Closes: #506111)

 -- Bhavani Shankar <email address hidden> Thu, 08 Jan 2009 12:38:06 +0530