Format: 1.8
Date: Mon, 30 Jan 2017 14:30:36 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: armhf armhf_translations
Version: 1.0.1-4ubuntu5.39
Distribution: precise
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes:
 openssl (1.0.1-4ubuntu5.39) precise-security; urgency=medium
 .
   * SECURITY UPDATE: Pointer arithmetic undefined behaviour
     - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello
       message overruns in ssl/s3_srvr.c.
     - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
       extension field length in ssl/t1_lib.c.
     - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather
       than calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
     - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
       arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
     - CVE-2016-2177
   * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
     - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime
       in crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
       crypto/ecdsa/ecs_ossl.c.
     - CVE-2016-7056
   * SECURITY UPDATE: DoS via warning alerts
     - debian/patches/CVE-2016-8610.patch: don't allow too many
       consecutive warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
       ssl/ssl_locl.h.
     - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised
       record type is received in ssl/s3_pkt.c.
     - CVE-2016-8610
   * SECURITY UPDATE: Truncated packet could crash via OOB read
     - debian/patches/CVE-2017-3731-pre.patch: sanity check
       EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
       crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
       crypto/evp/evp.h, ssl/t1_enc.c.
     - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
       crypto/evp/e_rc4_hmac_md5.c.
     - CVE-2017-3731
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb