Changelog for compat-openssl097g-32bit-0.9.7g-155.2.1.x86_64.rpm :
Thu Jul 21 14:00:00 2011 gjheAATTnovell.com
- batch sync with fixes of openssl from year 2007 to now(2011)

* openssl-cipher_selection_backport_from_sle10sp3.patch

* openssl-0.9.7d-CVE-2008-5077.patch

* openssl-CVE-2009-0590.patch

* openssl-CVE-2009-0789.patch

* openssl-CVE-2009-3555.patch

* CVE-2010-4180.patch

Wed Jan 27 13:00:00 2010 jengelhAATTmedozas.de
- package baselibs.conf

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Wed Aug 26 14:00:00 2009 mlsAATTsuse.de
- make patch0 usage consistent

Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)

Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Feb 28 13:00:00 2008 mkoenigAATTsuse.de
- fix buffer overflow CVE-2007-5135 [#329208]

Wed Oct 4 14:00:00 2006 poemlAATTsuse.de
- an attacker could send a list of ciphers that would overrun a
buffer in SSL_get_shared_ciphers() CVE-2006-3738 [#202366]
- fix possible crash in SSLv2 client triggerable by a malicious
server. CVE-2006-4343 [#202366]
- fix mishandling of an error condition in parsing of certain
invalid ASN1 structures, which could result in an infinite loop
which consumes system memory. CVE-2006-2937 [#202366]
- Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack. CVE-2006-2940 [#207635]
- add fix for the CVE-2006-2940 patch: the newly introduced limit
on DH modulus size could lead to a crash when exerted. [#208971]
- security vulnerability which could allow RSA Signature Forgery,
fix from 0.9.8c. CVE-2006-4339 [#203595]

Wed May 17 14:00:00 2006 schwabAATTsuse.de
- Don\'t strip binaries.