Format: 1.8
Date: Thu, 07 Aug 2014 09:34:54 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: amd64 amd64_translations
Version: 1.0.1f-1ubuntu7
Distribution: utopic-proposed
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.1f-1ubuntu7) utopic; urgency=medium
 .
   * SECURITY UPDATE: double free when processing DTLS packets
     - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
     - CVE-2014-3505
   * SECURITY UPDATE: DTLS memory exhaustion
     - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
       checks in ssl/d1_both.c.
     - CVE-2014-3506
   * SECURITY UPDATE: DTLS memory leak from zero-length fragments
     - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
       in ssl/d1_both.c.
     - CVE-2014-3507
   * SECURITY UPDATE: information leak in pretty printing functions
     - debian/patches/CVE-2014-3508.patch: fix OID handling in
       crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
     - CVE-2014-3508
   * SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
     - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
     - CVE-2014-3509
   * SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
     - debian/patches/CVE-2014-3510.patch: check for server certs in
       ssl/d1_clnt.c, ssl/s3_clnt.c.
     - CVE-2014-3510
   * SECURITY UPDATE: TLS protocol downgrade attack
     - debian/patches/CVE-2014-3511.patch: properly handle fragments in
       ssl/s23_srvr.c.
     - CVE-2014-3511
   * SECURITY UPDATE: SRP buffer overrun
     - debian/patches/CVE-2014-3512.patch: check parameters in
       crypto/srp/srp_lib.c.
     - CVE-2014-3512
   * SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
     - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
       sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
       ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
     - CVE-2014-5139
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb