Format: 1.8 Date: Thu, 22 Sep 2016 08:22:22 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: ppc64el ppc64el_translations Version: 1.0.2g-1ubuntu4.4 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.2g-1ubuntu4.4) xenial-security; urgency=medium . * SECURITY UPDATE: Pointer arithmetic undefined behaviour - debian/patches/CVE-2016-2177.patch: avoid undefined pointer arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c. - CVE-2016-2177 * SECURITY UPDATE: Constant time flag not preserved in DSA signing - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in crypto/dsa/dsa_ossl.c. - CVE-2016-2178 * SECURITY UPDATE: DTLS buffered message DoS - debian/patches/CVE-2016-2179.patch: fix queue handling in ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c, ssl/ssl_locl.h. - CVE-2016-2179 * SECURITY UPDATE: OOB read in TS_OBJ_print_bio() - debian/patches/CVE-2016-2180.patch: fix text handling in crypto/ts/ts_lib.c. - CVE-2016-2180 * SECURITY UPDATE: DTLS replay protection DoS - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed records in ssl/d1_pkt.c. - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c. - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h. - CVE-2016-2181 * SECURITY UPDATE: OOB write in BN_bn2dec() - debian/patches/CVE-2016-2182.patch: don't overflow buffer in crypto/bn/bn_print.c. - CVE-2016-2182 * SECURITY UPDATE: SWEET32 Mitigation - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH to MEDIUM in ssl/s3_lib.c. - CVE-2016-2183 * SECURITY UPDATE: Malformed SHA512 ticket DoS - debian/patches/CVE-2016-6302.patch: sanity check ticket length in ssl/t1_lib.c. - CVE-2016-6302 * SECURITY UPDATE: OOB write in MDC2_Update() - debian/patches/CVE-2016-6303.patch: avoid overflow in crypto/mdc2/mdc2dgst.c. - CVE-2016-6303 * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous handshake in ssl/t1_lib.c. - CVE-2016-6304 * SECURITY UPDATE: Certificate message OOB reads - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c, ssl/s3_srvr.c. - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly larger in ssl/d1_both.c, ssl/s3_both.c. - CVE-2016-6306 Checksums-Sha1: 1b109d642d34ae22da524b604845092b4db94fa2 936 libcrypto1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 5f25e7d407e6b94ce8d52e2929f32924088e3a7e 609858 libcrypto1.0.0-udeb_1.0.2g-1ubuntu4.4_ppc64el.udeb 5476a630fc09eaf97a6f81c20730b2ca7828c974 928 libssl-dev-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 21fb91f81544222a3674c15a13ca687b81bf44b7 1180110 libssl-dev_1.0.2g-1ubuntu4.4_ppc64el.deb b9cfc84a6367b9dadbc8fb0b4f38639955f5a6a7 2926698 libssl1.0.0-dbg_1.0.2g-1ubuntu4.4_ppc64el.deb f5b6e1b7d695a12260b76a486b2d64013e5a3881 902 libssl1.0.0-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 96c8859cc83ebf43876057207f8306a6fdfe04c1 822 libssl1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 3bb3eebca73773b6a8b2df6959bf702e0770fa91 130202 libssl1.0.0-udeb_1.0.2g-1ubuntu4.4_ppc64el.udeb 657b88ff664483b7bb009f4001a48e968439c7fc 832122 libssl1.0.0_1.0.2g-1ubuntu4.4_ppc64el.deb 06da86955512e8eec7ab68a86bc4d1efb8af5b62 1064 openssl-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb f019f043cda79ebad413d688763eb10fea219ae1 482508 openssl_1.0.2g-1ubuntu4.4_ppc64el.deb 0b22d31f45973f0bbfc90ac779e101b39479cb00 20386 openssl_1.0.2g-1ubuntu4.4_ppc64el_translations.tar.gz Checksums-Sha256: 416b47b2b28e63416015eb1e8689e633e6349fbbc1f9cdab0f7a53c8696e9198 936 libcrypto1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 6dcd69e8448ebf94972524c5069232f1164f89d914d4655dc455f289a67262ec 609858 libcrypto1.0.0-udeb_1.0.2g-1ubuntu4.4_ppc64el.udeb a64ce41e620d8e99517609886945715455f6f0f0c509c4ee9a4dc83554414d3b 928 libssl-dev-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb df31341eca3777b30f668ba114d5b8d72c47ca64844b83bef840c73bec6b94c1 1180110 libssl-dev_1.0.2g-1ubuntu4.4_ppc64el.deb 172e1558304fff10c78852641078198f2edd63ff32c8d111672745064e545fe7 2926698 libssl1.0.0-dbg_1.0.2g-1ubuntu4.4_ppc64el.deb cc3a9d86569f7cbaffd1f12b044e49154512e85ec5ed2aa427c071b6d70baa5f 902 libssl1.0.0-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 121d154db3eb9cc7c781eb9c561199adb9a1d898755ed9c7fed546e97c984992 822 libssl1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 6260dd251e695471b349ec65cf97e96bb47401b9cfb4c81ddc4d91ff6d1934bf 130202 libssl1.0.0-udeb_1.0.2g-1ubuntu4.4_ppc64el.udeb f0fdee5ca3875db16fde6b6df534b53e219df8aadb90f07dd6b3c1fec05330f0 832122 libssl1.0.0_1.0.2g-1ubuntu4.4_ppc64el.deb eebbc0a7827b2088028d380675a7fef1a91b6c7c7b04efb92e26d6c72a9e80b5 1064 openssl-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb c05877ae451af23920dbe28ee895325ae755e5bc3ddf2f8aa8abcc7adf9e6395 482508 openssl_1.0.2g-1ubuntu4.4_ppc64el.deb b9de27d42f3d50ef5ecd923c7f3ce9889c54733440d4a80c5e65224779db4ed8 20386 openssl_1.0.2g-1ubuntu4.4_ppc64el_translations.tar.gz Files: a1e8af81224b1057103dfa09d1e3f74c 936 debian-installer extra libcrypto1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 8ad966c94f92be23ef7e04f3236149f6 609858 debian-installer optional libcrypto1.0.0-udeb_1.0.2g-1ubuntu4.4_ppc64el.udeb 72317a9db2988bbc4cbd92d1342efa83 928 libdevel extra libssl-dev-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 333a5d4c0f5ea97fe1db73ce0846d761 1180110 libdevel optional libssl-dev_1.0.2g-1ubuntu4.4_ppc64el.deb ce3ca8bd9cb9eb35554ff87b79dac228 2926698 debug extra libssl1.0.0-dbg_1.0.2g-1ubuntu4.4_ppc64el.deb 34b33ffa1f1153fc11156a712714ca9c 902 libs extra libssl1.0.0-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 809339073055881239b8a7b201d9418e 822 debian-installer extra libssl1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb b6ae3b35640d9ab2c163d79274603575 130202 debian-installer optional libssl1.0.0-udeb_1.0.2g-1ubuntu4.4_ppc64el.udeb d3232a533e92b342136a64fc47e54dd5 832122 libs important libssl1.0.0_1.0.2g-1ubuntu4.4_ppc64el.deb c8cc7ec7cbcb88a8ca59e88d6f3d41e8 1064 utils extra openssl-dbgsym_1.0.2g-1ubuntu4.4_ppc64el.ddeb 653d3e5a697fc5599b48303ad736650b 482508 utils optional openssl_1.0.2g-1ubuntu4.4_ppc64el.deb 187052b8f75b784ba9174715f50447fd 20386 raw-translations - openssl_1.0.2g-1ubuntu4.4_ppc64el_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb