Format: 1.8 Date: Thu, 07 Aug 2014 08:48:43 -0400 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: amd64 amd64_translations Version: 0.9.8k-7ubuntu8.20 Distribution: lucid Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto libssl0.9.8-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Changes: openssl (0.9.8k-7ubuntu8.20) lucid-security; urgency=medium . * SECURITY UPDATE: double free when processing DTLS packets - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c. - CVE-2014-3505 * SECURITY UPDATE: DTLS memory exhaustion - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size checks in ssl/d1_both.c. - CVE-2014-3506 * SECURITY UPDATE: information leak in pretty printing functions - debian/patches/CVE-2014-3508.patch: fix OID handling in crypto/asn1/a_object.c, crypto/objects/obj_dat.c, crypto/asn1/asn1.h, crypto/asn1/asn1_err.c. - CVE-2014-3508 * SECURITY UPDATE: DTLS anonymous EC(DH) denial of service - debian/patches/CVE-2014-3510.patch: check for server certs in ssl/d1_clnt.c, ssl/s3_clnt.c. - CVE-2014-3510 * SECURITY UPDATE: TLS protocol downgrade attack - debian/patches/CVE-2014-3511.patch: properly handle fragments in ssl/s23_srvr.c. - CVE-2014-3511 Checksums-Sha1: bbfdfc1b45a55d8d9626783efb53e716a4d4dca7 406774 openssl_0.9.8k-7ubuntu8.20_amd64.deb bede82967c23ca9654ca0ba70824f5a21c895caf 986072 libssl0.9.8_0.9.8k-7ubuntu8.20_amd64.deb 6e4089d100883a6236f3c49cde57eb0467019eca 631294 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.20_amd64.udeb ba2a101ba788159cc73380c4359cfe0224491fab 140386 libssl0.9.8-udeb_0.9.8k-7ubuntu8.20_amd64.udeb 7fb180a5ec5492c25fbfc1a9e016433acf00e63f 2154480 libssl-dev_0.9.8k-7ubuntu8.20_amd64.deb e70d439ce2313e91d828369c96ddeff3c9ddd6fe 1669292 libssl0.9.8-dbg_0.9.8k-7ubuntu8.20_amd64.deb 5bb5490746c1da8502c4ab34325d73251452af91 18468 openssl_0.9.8k-7ubuntu8.20_amd64_translations.tar.gz Checksums-Sha256: c6548bf91a6f889a551203c4c0f82a387508fb5b3b9a6bf7244c8539d7563228 406774 openssl_0.9.8k-7ubuntu8.20_amd64.deb 080ee13339d8def618d58e63042818bdefc3839700516c0224f3b94d3e2bab4c 986072 libssl0.9.8_0.9.8k-7ubuntu8.20_amd64.deb 487847e84660a1b547d6284ca117e3fd111acece4ffba60ad9461a4a779ea992 631294 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.20_amd64.udeb 022f3fd2b85bbb82adeaa7bfc2071bd2ec4037f857cd92533636c61ca29ab5bb 140386 libssl0.9.8-udeb_0.9.8k-7ubuntu8.20_amd64.udeb 53f971579b95c15dd7153bd0dc6b27287d5a7fa2ce9d50a307326d35b6f1b209 2154480 libssl-dev_0.9.8k-7ubuntu8.20_amd64.deb 90a1e4c1972c8a8195e28e1afab7b50d03b19088c39a7966a4452e34d1105c10 1669292 libssl0.9.8-dbg_0.9.8k-7ubuntu8.20_amd64.deb 6c951bf2ab03a74a9ee6df1059071fb12eddc93f9449008b3bb410a07e9af1b4 18468 openssl_0.9.8k-7ubuntu8.20_amd64_translations.tar.gz Files: 50a44fb7e34635c7b00724799b3b9f77 406774 utils optional openssl_0.9.8k-7ubuntu8.20_amd64.deb b960cbc0d5157b5d19a67b3975671534 986072 libs important libssl0.9.8_0.9.8k-7ubuntu8.20_amd64.deb ed0421ac3d1381d8466208ef3e369dfe 631294 debian-installer optional libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.20_amd64.udeb c8c2e8442f698f377962db704f09d90a 140386 debian-installer optional libssl0.9.8-udeb_0.9.8k-7ubuntu8.20_amd64.udeb 27399ba8e81224cbd342eed2356b8320 2154480 libdevel optional libssl-dev_0.9.8k-7ubuntu8.20_amd64.deb f565c9e14b9ec1f219e42d1114b3e4df 1669292 debug extra libssl0.9.8-dbg_0.9.8k-7ubuntu8.20_amd64.deb 4724f26d15b6279c88feaa362b82b27a 18468 raw-translations - openssl_0.9.8k-7ubuntu8.20_amd64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb