SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libopenssl0_9_8-0.9.8zh-1.1.x86_64.rpm :
Thu Apr 28 14:00:00 2016 vcizekAATTsuse.com
- OpenSSL Security Advisory [3rd May 2016]

* Memory corruption in the ASN.1 encoder
- bsc#977617 (CVE-2016-2108)

* EVP_EncodeUpdate overflow
- bsc#977614 (CVE-2016-2105)

* EVP_EncryptUpdate overflow
- bsc#977615 (CVE-2016-2106)

* ASN.1 BIO excessive memory allocation
- bsc#976942 (CVE-2016-2109)

* add patches
+ openssl-CVE-2016-2105.patch
+ openssl-CVE-2016-2106.patch
+ openssl-CVE-2016-2108.patch
+ openssl-CVE-2016-2109.patch
- Fix side channel attack on modular exponentiation

* \"CacheBleed\" (bsc#968050)

* add openssl-CVE-2016-0702.patch
- Fix buffer overrun in ASN1_parse (bsc#976943)

* add 0001-Fix-buffer-overrun-in-ASN1_parse.patch

Tue Mar 1 13:00:00 2016 vcizekAATTsuse.com
- Fix CVE-2016-0797 (bnc#968048) via \"openssl-CVE-2016-0797.patch\".
- Fix CVE-2016-0799 (bnc#968374) via \"openssl-CVE-2016-0799.patch\".
- Fix CVE-2016-0800 (bnc#968046, \"Drown\")

* add openssl-CVE-2016-0800-DROWN-disable-ssl2.patch

Tue Mar 1 13:00:00 2016 vcizekAATTsuse.com
- update to 0.9.8zh

* fixes many security vulnerabilities:
CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,
CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287,
CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,
CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204,
CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568,
CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,
CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221,
CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169,
CVE-2013-0166

* remove broken debug build targets
openssl-fix-config-test-sanity.patch

Wed Feb 24 13:00:00 2016 vcizekAATTsuse.com
- avoid running OPENSSL_config twice. This avoids breaking
engine loading. (bsc#952871, bsc#967787)

* add openssl-avoid-config-twice.patch

Fri Feb 12 13:00:00 2016 vcizekAATTsuse.com
- fix CVE-2015-3197 (bsc#963415)

* SSLv2 doesn\'t block disabled ciphers

* add openssl-CVE-2015-3197.patch

Sat Jan 25 13:00:00 2014 dmuellerAATTsuse.com
- avoid test suite on user mode build

Wed Jan 8 13:00:00 2014 normandAATTlinux.vnet.ibm.com
- added patches:

* libopenssl_add_ppc64le.patch

Thu Jun 20 14:00:00 2013 cooloAATTsuse.com
- don\'t fiddle with man pages we\'re deleting later (fixes build
with perl 5.18)

Wed Jun 20 14:00:00 2012 meissnerAATTsuse.com
- updated to 0.9.8x
- mostly bug and lots of security fixes rolled up

Tue Sep 20 14:00:00 2011 gjheAATTsuse.com
- fix bug[bnc#716144] - VUL-0: openssl ECDH crash.
CVE-2011-3210

Thu Dec 9 13:00:00 2010 gjheAATTnovell.com
- fix bug [bnc#657663]
CVE-2010-4180
for CVE-2010-4252,no patch is added(for the J-PAKE
implementaion is not compiled in by default).

Mon Apr 12 14:00:00 2010 meissnerAATTsuse.de
- renamed to libopenssl0_9_8 to provide compatibility

Thu Mar 25 13:00:00 2010 gjheAATTnovell.com
- fix security bug [bnc#590833]
CVE-2010-0740

Mon Mar 22 13:00:00 2010 gjheAATTnovell.com
- update to version 0.9.8m
Merge the following patches from 0.9.8k:
bswap.diff
non-exec-stack.diff
openssl-0.9.6g-alpha.diff
openssl-0.9.7f-ppc64.diff
openssl-0.9.8-flags-priority.dif
openssl-0.9.8-sparc.dif
openssl-allow-arch.diff
openssl-hppa-config.diff

Fri Feb 5 13:00:00 2010 jengelhAATTmedozas.de
- build openssl for sparc64

Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- package documentation as noarch

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Tue Sep 1 14:00:00 2009 gjheAATTnovell.com
- fix Bug [bnc#526319]

Wed Aug 26 14:00:00 2009 cooloAATTnovell.com
- use %patch0 for Patch0

Fri Jul 3 14:00:00 2009 gjheAATTnovell.com
- update to version 0.9.8k
- patches merged upstream:
openssl-CVE-2008-5077.patch
openssl-CVE-2009-0590.patch
openssl-CVE-2009-0591.patch
openssl-CVE-2009-0789.patch
openssl-CVE-2009-1377.patch
openssl-CVE-2009-1378.patch
openssl-CVE-2009-1379.patch
openssl-CVE-2009-1386.patch
openssl-CVE-2009-1387.patch

Tue Jun 30 14:00:00 2009 gjheAATTnovell.com
- fix security bug [bnc#509031]
CVE-2009-1386
CVE-2009-1387

Tue Jun 30 14:00:00 2009 gjheAATTnovell.com
- fix security bug [bnc#504687]
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379

Wed Apr 15 14:00:00 2009 gjheAATTsuse.de
- fix security bug [bnc#489641]
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789


  
ICM