Format: 1.8
Date: Wed, 20 Jun 2018 07:29:12 -0400
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: armhf armhf_translations
Version: 1.1.0g-2ubuntu4.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-011.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-2ubuntu4.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: ECDSA key extraction side channel
     - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
       signature in crypto/ec/ecdsa_ossl.c.
     - CVE-2018-0495
   * SECURITY UPDATE: denial of service via long prime values
     - debian/patches/CVE-2018-0732.patch: reject excessively large primes
       in DH key generation in crypto/dh/dh_key.c.
     - CVE-2018-0732
   * SECURITY UPDATE: RSA cache timing side channel attack
     - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
       BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
       crypto/rsa/rsa_gen.c.
     - CVE-2018-0737
Checksums-Sha1:
 27943b56961830771c84b3f080a78fc5c9eec3db 764928 libcrypto1.1-udeb_1.1.0g-2ubuntu4.1_armhf.udeb
 bde40c5e42c09113bfac677cef851c798a89d22a 1183360 libssl-dev_1.1.0g-2ubuntu4.1_armhf.deb
 dd97b1ca964dc9216aeeae90bb34020752e97db6 2670032 libssl1.1-dbgsym_1.1.0g-2ubuntu4.1_armhf.ddeb
 09eaaee4b50b512928923f332870c399074d4ece 116064 libssl1.1-udeb_1.1.0g-2ubuntu4.1_armhf.udeb
 088336b708b16b894667c58479c23f9bd5273f82 912128 libssl1.1_1.1.0g-2ubuntu4.1_armhf.deb
 6c167aa2ec79480b49972f03109e247cc5b6f6d9 461492 openssl-dbgsym_1.1.0g-2ubuntu4.1_armhf.ddeb
 e501f3a9911ce604b143870d4f22fd20294e6d45 6966 openssl_1.1.0g-2ubuntu4.1_armhf.buildinfo
 17db812c7eab6b674b275f2cdbdca3c4f8fbe11c 509564 openssl_1.1.0g-2ubuntu4.1_armhf.deb
 3344d962c81326a08db60d37f710d6716ae5f55c 20618 openssl_1.1.0g-2ubuntu4.1_armhf_translations.tar.gz
Checksums-Sha256:
 eba2414e57e4a3cc8c7eeb3350ed8f3d4eded67e763eb40adbbc5b019d7786ed 764928 libcrypto1.1-udeb_1.1.0g-2ubuntu4.1_armhf.udeb
 c816e45586022ac72aaf85fb9463be25b47ef22d53e052da11ac45df40647713 1183360 libssl-dev_1.1.0g-2ubuntu4.1_armhf.deb
 37cc03f6cff1d0d29dfa5a001eee311b8a8260683e4f471fa5f6e94215365e15 2670032 libssl1.1-dbgsym_1.1.0g-2ubuntu4.1_armhf.ddeb
 4b5b0237859bf5e2d6f455e6e616cd468d3e3e0eb2eb68fc8b4f6c40813e3b15 116064 libssl1.1-udeb_1.1.0g-2ubuntu4.1_armhf.udeb
 5cfe75096ecb01a4adbcc3e467011ca08f1e684c6045fd31f6c372df04e954f9 912128 libssl1.1_1.1.0g-2ubuntu4.1_armhf.deb
 4ba78c2b2ac2b368035cb3763fe01061e68f71b0efd1339beb4dc6fbed707933 461492 openssl-dbgsym_1.1.0g-2ubuntu4.1_armhf.ddeb
 1cf85424743a3e882e6608ef3f6fdf98d546065d005677c19109335aa6b72aec 6966 openssl_1.1.0g-2ubuntu4.1_armhf.buildinfo
 6337f93192a1f1b8d8e1f02c4cc3508682f834948bae2f88149a14a36227cf62 509564 openssl_1.1.0g-2ubuntu4.1_armhf.deb
 deebd8d6669f3c0ce8b8d0c1af15527588ccf5abb8465925676fe1b1634860c7 20618 openssl_1.1.0g-2ubuntu4.1_armhf_translations.tar.gz
Files:
 e2c593225fd88403c2f0110d706af0ac 764928 debian-installer optional libcrypto1.1-udeb_1.1.0g-2ubuntu4.1_armhf.udeb
 10f042284a887ed4a483052f28413e5f 1183360 libdevel optional libssl-dev_1.1.0g-2ubuntu4.1_armhf.deb
 4532a6865568a604a60e726fdc4708b5 2670032 debug optional libssl1.1-dbgsym_1.1.0g-2ubuntu4.1_armhf.ddeb
 2230317cc606c4f18cdb9096a0e2b71e 116064 debian-installer optional libssl1.1-udeb_1.1.0g-2ubuntu4.1_armhf.udeb
 f701f71be3b9737a862f595106b3408e 912128 libs important libssl1.1_1.1.0g-2ubuntu4.1_armhf.deb
 8077f0378b16a017234b1353cea88967 461492 debug optional openssl-dbgsym_1.1.0g-2ubuntu4.1_armhf.ddeb
 6796baa55b64fa23d55b11bcc8ef7764 6966 utils optional openssl_1.1.0g-2ubuntu4.1_armhf.buildinfo
 63449fe7a6a96f7a67c784403d0f1b69 509564 utils optional openssl_1.1.0g-2ubuntu4.1_armhf.deb
 3b00a031d78f4a8d9a180945d79d4032 20618 raw-translations - openssl_1.1.0g-2ubuntu4.1_armhf_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>