Format: 1.8
Date: Wed, 20 Jun 2018 07:13:37 -0400
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: amd64 all amd64_translations
Version: 1.1.0g-2ubuntu5
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-003.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-2ubuntu5) cosmic; urgency=medium
 .
   * SECURITY UPDATE: ECDSA key extraction side channel
     - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
       signature in crypto/ec/ecdsa_ossl.c.
     - CVE-2018-0495
   * SECURITY UPDATE: denial of service via long prime values
     - debian/patches/CVE-2018-0732.patch: reject excessively large primes
       in DH key generation in crypto/dh/dh_key.c.
     - CVE-2018-0732
   * SECURITY UPDATE: RSA cache timing side channel attack
     - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
       BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
       crypto/rsa/rsa_gen.c.
     - CVE-2018-0737
Checksums-Sha1:
 d910ef34d97825ed159a2e8ee85d0e3a05337be7 949940 libcrypto1.1-udeb_1.1.0g-2ubuntu5_amd64.udeb
 9582169f34031d8ed102a7bf411afce081748609 1372716 libssl-dev_1.1.0g-2ubuntu5_amd64.deb
 8b061fa544da7d99c4207080c147881b03672124 1255248 libssl-doc_1.1.0g-2ubuntu5_all.deb
 d87a43f318c3d17f075ed960c1877a60ae9ad600 2854716 libssl1.1-dbgsym_1.1.0g-2ubuntu5_amd64.ddeb
 709907ac789dd3b36a20951a8d936bb80dd9ce0c 144756 libssl1.1-udeb_1.1.0g-2ubuntu5_amd64.udeb
 d088508f261113b5898cbe5d74a0795ddd4b57bb 1129244 libssl1.1_1.1.0g-2ubuntu5_amd64.deb
 6f36c215fba2a71ed3da174a570602cb43ba5b70 496076 openssl-dbgsym_1.1.0g-2ubuntu5_amd64.ddeb
 dcd74d71f8b68b8db4b49d2b6e125247053cbf06 7169 openssl_1.1.0g-2ubuntu5_amd64.buildinfo
 2f7201ff7d445abfc626bec8bcd256e0932f0408 531480 openssl_1.1.0g-2ubuntu5_amd64.deb
 3e614641125484783bef21488c96444f5278a06d 20511 openssl_1.1.0g-2ubuntu5_amd64_translations.tar.gz
Checksums-Sha256:
 3078c7c368afc6fb24b271219dc2d9cdf1ecdfb3fc1c5bb8d9f2618e838e5fc2 949940 libcrypto1.1-udeb_1.1.0g-2ubuntu5_amd64.udeb
 569774851622a2ada32289e2dc13cfffa5df736538bd5719a4b80f76debfc0db 1372716 libssl-dev_1.1.0g-2ubuntu5_amd64.deb
 d71ad3dd91ae14a8476f1e15aa1c0eb4bc115e4546a61838227aaf8d5b7f6926 1255248 libssl-doc_1.1.0g-2ubuntu5_all.deb
 ecce644cf354d7d71b0aafe052b2ce28b18dfdb7f9d0a6b295d67445b4b378e3 2854716 libssl1.1-dbgsym_1.1.0g-2ubuntu5_amd64.ddeb
 3f6706da2887d17bb2b493c29760042a5e95f80ae90e473a24edb5542f9e32dd 144756 libssl1.1-udeb_1.1.0g-2ubuntu5_amd64.udeb
 3259821c7207a3e214d655f705268ad1a042d688e6c66afc1bf8113e9d5580b1 1129244 libssl1.1_1.1.0g-2ubuntu5_amd64.deb
 6707c711c80f6e8a2fe602af86c46d1bb2fae57045877e8db6caccb864795e04 496076 openssl-dbgsym_1.1.0g-2ubuntu5_amd64.ddeb
 4277dce81491b04100d50b0145e6b9eeaf7fe9ba1419cf41a417fa11013ab53b 7169 openssl_1.1.0g-2ubuntu5_amd64.buildinfo
 234c3f6281b8912a9c4ecaaa0ac23682e4c0c48c64ab2559ac9038ce9fd4f144 531480 openssl_1.1.0g-2ubuntu5_amd64.deb
 3e985622e31c12c4ca398312a930b5836a6d0a6a7a59934ca848067321fb6576 20511 openssl_1.1.0g-2ubuntu5_amd64_translations.tar.gz
Files:
 ae8a8b9ab51ae71f7c3750dab154d924 949940 debian-installer optional libcrypto1.1-udeb_1.1.0g-2ubuntu5_amd64.udeb
 2e0282c1b525a0c87a4874fa5e2c9210 1372716 libdevel optional libssl-dev_1.1.0g-2ubuntu5_amd64.deb
 f95091a077f514935e719479566a7759 1255248 doc optional libssl-doc_1.1.0g-2ubuntu5_all.deb
 1c4de3a9fbb63b76782c82004af3c302 2854716 debug optional libssl1.1-dbgsym_1.1.0g-2ubuntu5_amd64.ddeb
 78228806d95c645498c7c7f49117fa1f 144756 debian-installer optional libssl1.1-udeb_1.1.0g-2ubuntu5_amd64.udeb
 400070559ee72cd586de71b21fe6a5f7 1129244 libs important libssl1.1_1.1.0g-2ubuntu5_amd64.deb
 048270eb016aa8fb7ed6ebac01d3e7e0 496076 debug optional openssl-dbgsym_1.1.0g-2ubuntu5_amd64.ddeb
 8a7fc58e998f1fcd110ca9a76b08d43f 7169 utils optional openssl_1.1.0g-2ubuntu5_amd64.buildinfo
 9ae2ce12387ff43ee095c5e0f0000343 531480 utils optional openssl_1.1.0g-2ubuntu5_amd64.deb
 fb10f1e6a4a856bb0753aed6cf38125f 20511 raw-translations - openssl_1.1.0g-2ubuntu5_amd64_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>