Format: 1.8
Date: Thu, 07 Aug 2014 08:16:48 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: powerpc powerpc_translations
Version: 1.0.1-4ubuntu5.17
Distribution: precise
Urgency: medium
Maintainer: Ubuntu/powerpc Build Daemon <buildd@adare.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Changes: 
 openssl (1.0.1-4ubuntu5.17) precise-security; urgency=medium
 .
   * SECURITY UPDATE: double free when processing DTLS packets
     - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
     - CVE-2014-3505
   * SECURITY UPDATE: DTLS memory exhaustion
     - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
       checks in ssl/d1_both.c.
     - CVE-2014-3506
   * SECURITY UPDATE: DTLS memory leak from zero-length fragments
     - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
       in ssl/d1_both.c.
     - CVE-2014-3507
   * SECURITY UPDATE: information leak in pretty printing functions
     - debian/patches/CVE-2014-3508.patch: fix OID handling in
       crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
     - CVE-2014-3508
   * SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
     - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
     - CVE-2014-3509
   * SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
     - debian/patches/CVE-2014-3510.patch: check for server certs in
       ssl/d1_clnt.c, ssl/s3_clnt.c.
     - CVE-2014-3510
   * SECURITY UPDATE: TLS protocol downgrade attack
     - debian/patches/CVE-2014-3511.patch: properly handle fragments in
       ssl/s23_srvr.c.
     - CVE-2014-3511
   * SECURITY UPDATE: SRP buffer overrun
     - debian/patches/CVE-2014-3512.patch: check parameters in
       crypto/srp/srp_lib.c.
     - CVE-2014-3512
   * SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
     - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
       sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
       ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
     - CVE-2014-5139
Checksums-Sha1: 
 c23669c4a159425e4d7950add8ca739d985e9434 521412 openssl_1.0.1-4ubuntu5.17_powerpc.deb
 1bf68b117c4953c263a82c2ea5c2987a74ffc79e 956154 libssl1.0.0_1.0.1-4ubuntu5.17_powerpc.deb
 e2f26f4a1d54429833d88a328b627a4fe727d081 698404 libcrypto1.0.0-udeb_1.0.1-4ubuntu5.17_powerpc.udeb
 a2fa53711dd6b6003aa11cc2647a4f6862ca6b76 143942 libssl1.0.0-udeb_1.0.1-4ubuntu5.17_powerpc.udeb
 cd6a4c2d5d0035d889e134eee7e6f68fe1a53847 1449530 libssl-dev_1.0.1-4ubuntu5.17_powerpc.deb
 f710e184c6d0b3bcee996a7dbb42fc4311e60c6d 2210240 libssl1.0.0-dbg_1.0.1-4ubuntu5.17_powerpc.deb
 0d6bd10d0c2a262bd79518e9b72a08382b54043d 18940 openssl_1.0.1-4ubuntu5.17_powerpc_translations.tar.gz
Checksums-Sha256: 
 98fb61d34a1f84f7292da152cda1a43ca711883845663854239a694a48850759 521412 openssl_1.0.1-4ubuntu5.17_powerpc.deb
 82662ec3709303c2e6d98a09c6d6659b11717199633e8940279229d61697fd8f 956154 libssl1.0.0_1.0.1-4ubuntu5.17_powerpc.deb
 802456e1a663c30a8d614e9c8b91998458cccdbbc4b658238c13c993e38312b2 698404 libcrypto1.0.0-udeb_1.0.1-4ubuntu5.17_powerpc.udeb
 e515e5130a430b088b0124be98b94d8b084690710deb8170e3e1398ab57fce83 143942 libssl1.0.0-udeb_1.0.1-4ubuntu5.17_powerpc.udeb
 74bf76ea55f3232737d214b2364919cfb640747b9374f41adb8217168cfc935d 1449530 libssl-dev_1.0.1-4ubuntu5.17_powerpc.deb
 2299fb9c0c99e7bf4670ce67fd4d69769f4d67338cda83a5fef09d1ca666d606 2210240 libssl1.0.0-dbg_1.0.1-4ubuntu5.17_powerpc.deb
 f265fb23347c023da575db78eab746f5311d34ed0e078599b1d7c9f047cd9ca6 18940 openssl_1.0.1-4ubuntu5.17_powerpc_translations.tar.gz
Files: 
 5bfffaf253a0fbbc1a3563f1aa7b96d6 521412 utils optional openssl_1.0.1-4ubuntu5.17_powerpc.deb
 e650b3f15f6ad789677969095e99d2af 956154 libs important libssl1.0.0_1.0.1-4ubuntu5.17_powerpc.deb
 a96d6d2bb2fb9cb7433de9b78b771e16 698404 debian-installer optional libcrypto1.0.0-udeb_1.0.1-4ubuntu5.17_powerpc.udeb
 7f16f95e1b9d1d32ff0e866c68f357da 143942 debian-installer optional libssl1.0.0-udeb_1.0.1-4ubuntu5.17_powerpc.udeb
 de22cf48dc07fce04601c915d7e13cb2 1449530 libdevel optional libssl-dev_1.0.1-4ubuntu5.17_powerpc.deb
 3c15812e7e6784d30183e29dd978a956 2210240 debug extra libssl1.0.0-dbg_1.0.1-4ubuntu5.17_powerpc.deb
 ebdaa4a192c150ba1a233750bfa6f745 18940 raw-translations - openssl_1.0.1-4ubuntu5.17_powerpc_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb