SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libopenssl0_9_8-debuginfo-32bit-0.9.8zh-18.1.x86_64.rpm :

* Thu Apr 28 2016 vcizekAATTsuse.com- OpenSSL Security Advisory [3rd May 2016]
* Memory corruption in the ASN.1 encoder - bsc#977617 (CVE-2016-2108)
* EVP_EncodeUpdate overflow - bsc#977614 (CVE-2016-2105)
* EVP_EncryptUpdate overflow - bsc#977615 (CVE-2016-2106)
* ASN.1 BIO excessive memory allocation - bsc#976942 (CVE-2016-2109)
* add patches + openssl-CVE-2016-2105.patch + openssl-CVE-2016-2106.patch + openssl-CVE-2016-2108.patch + openssl-CVE-2016-2109.patch- Fix side channel attack on modular exponentiation
* \"CacheBleed\" (bsc#968050)
* add openssl-CVE-2016-0702.patch- Fix buffer overrun in ASN1_parse (bsc#976943)
* add 0001-Fix-buffer-overrun-in-ASN1_parse.patch
* Tue Mar 01 2016 vcizekAATTsuse.com- Fix CVE-2016-0797 (bnc#968048) via \"openssl-CVE-2016-0797.patch\".- Fix CVE-2016-0799 (bnc#968374) via \"openssl-CVE-2016-0799.patch\".- Fix CVE-2016-0800 (bnc#968046, \"Drown\")
* add openssl-CVE-2016-0800-DROWN-disable-ssl2.patch
* Tue Mar 01 2016 vcizekAATTsuse.com- update to 0.9.8zh
* fixes many security vulnerabilities: CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166
* remove broken debug build targets openssl-fix-config-test-sanity.patch
* Wed Feb 24 2016 vcizekAATTsuse.com- avoid running OPENSSL_config twice. This avoids breaking engine loading. (bsc#952871, bsc#967787)
* add openssl-avoid-config-twice.patch
* Fri Feb 12 2016 vcizekAATTsuse.com- fix CVE-2015-3197 (bsc#963415)
* SSLv2 doesn\'t block disabled ciphers
* add openssl-CVE-2015-3197.patch
* Sat Jan 25 2014 dmuellerAATTsuse.com- avoid test suite on user mode build
* Wed Jan 08 2014 normandAATTlinux.vnet.ibm.com- added patches:
* libopenssl_add_ppc64le.patch
* Thu Jun 20 2013 cooloAATTsuse.com- don\'t fiddle with man pages we\'re deleting later (fixes build with perl 5.18)
* Wed Jun 20 2012 meissnerAATTsuse.com- updated to 0.9.8x - mostly bug and lots of security fixes rolled up
* Tue Sep 20 2011 gjheAATTsuse.com- fix bug[bnc#716144] - VUL-0: openssl ECDH crash. CVE-2011-3210
* Thu Dec 09 2010 gjheAATTnovell.com- fix bug [bnc#657663] CVE-2010-4180 for CVE-2010-4252,no patch is added(for the J-PAKE implementaion is not compiled in by default).
* Mon Apr 12 2010 meissnerAATTsuse.de- renamed to libopenssl0_9_8 to provide compatibility
* Thu Mar 25 2010 gjheAATTnovell.com- fix security bug [bnc#590833] CVE-2010-0740
* Mon Mar 22 2010 gjheAATTnovell.com- update to version 0.9.8m Merge the following patches from 0.9.8k: bswap.diff non-exec-stack.diff openssl-0.9.6g-alpha.diff openssl-0.9.7f-ppc64.diff openssl-0.9.8-flags-priority.dif openssl-0.9.8-sparc.dif openssl-allow-arch.diff openssl-hppa-config.diff
* Fri Feb 05 2010 jengelhAATTmedozas.de- build openssl for sparc64
* Mon Dec 14 2009 jengelhAATTmedozas.de- add baselibs.conf as a source- package documentation as noarch
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0
* Tue Sep 01 2009 gjheAATTnovell.com- fix Bug [bnc#526319]
* Wed Aug 26 2009 cooloAATTnovell.com- use %patch0 for Patch0
* Fri Jul 03 2009 gjheAATTnovell.com- update to version 0.9.8k- patches merged upstream: openssl-CVE-2008-5077.patch openssl-CVE-2009-0590.patch openssl-CVE-2009-0591.patch openssl-CVE-2009-0789.patch openssl-CVE-2009-1377.patch openssl-CVE-2009-1378.patch openssl-CVE-2009-1379.patch openssl-CVE-2009-1386.patch openssl-CVE-2009-1387.patch
* Tue Jun 30 2009 gjheAATTnovell.com- fix security bug [bnc#509031] CVE-2009-1386 CVE-2009-1387
* Tue Jun 30 2009 gjheAATTnovell.com- fix security bug [bnc#504687] CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
* Wed Apr 15 2009 gjheAATTsuse.de- fix security bug [bnc#489641] CVE-2009-0590 CVE-2009-0591 CVE-2009-0789
  
ICM