Comment 4 for bug 1187195

This bug was fixed in the package openssl - 1.0.1e-2ubuntu1.1

---------------
openssl (1.0.1e-2ubuntu1.1) saucy-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
 -- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:14:05 -0700