Monday, 10 June 2013

Call for testing: OpenSSL, compression security fix


I have pushed updated OpenSSL packages for Ubuntu 10.04 LTS, 12.04 LTS,
12.10, 13.04, and Saucy into the -proposed pocket. Saucy's OpenSSL has
been accepted into -release.

See for documentation how
to enable and use -proposed.

The packages fix the following security issues:

The update disables compression before encryption for all applications,
unless the OPENSSL_DEFAULT_ZLIB environment variable is defined in the
program's environment at start.

Please report any issues in the tracking bug:

If no issues are reported, I plan on releasing the packages as security
updates in a couple of weeks.