Format: 1.8 Date: Wed, 15 Oct 2014 13:17:00 -0400 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: i386 all i386_translations Version: 0.9.8k-7ubuntu8.22 Distribution: lucid Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto libssl0.9.8-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Changes: openssl (0.9.8k-7ubuntu8.22) lucid-security; urgency=medium . * SECURITY UPDATE: denial of service via session ticket integrity check memory leak - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c. - CVE-2014-3567 * SECURITY UPDATE: fix the no-ssl3 build option - debian/patches/CVE-2014-3568.patch: fix conditional code in ssl/s23_clnt.c, ssl/s23_srvr.c. - CVE-2014-3568 * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a protocol downgrade attack to SSLv3 that exposes the POODLE attack. - debian/patches/tls_fallback_scsv_support.patch: added support for TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec, ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c, ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h, ssl/ssl_locl.h, doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod. Checksums-Sha1: 758c98b72a8b1a7b2d3d25b132e8151cd2129153 400312 openssl_0.9.8k-7ubuntu8.22_i386.deb 8ac6939097ded94b423efb59281ac4994f05fe76 651678 openssl-doc_0.9.8k-7ubuntu8.22_all.deb 2151f5fc80fcb47c696e66d930e2509300784381 3035528 libssl0.9.8_0.9.8k-7ubuntu8.22_i386.deb 8ee310d862b11071fef9aad75173f1157e47c035 583146 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.22_i386.udeb 19b9cbbd68cd1090ae56e9743b9ddc9c7d31b0ba 133846 libssl0.9.8-udeb_0.9.8k-7ubuntu8.22_i386.udeb 7b442ade73a6575610ea1483b7441c57bc9df899 2022768 libssl-dev_0.9.8k-7ubuntu8.22_i386.deb 0a35ee1325dfeb11de01d3b6a081ea18aae9b44c 5881446 libssl0.9.8-dbg_0.9.8k-7ubuntu8.22_i386.deb 541f7d4c56d4327cbdcac023f7c5eb1c594f592a 18561 openssl_0.9.8k-7ubuntu8.22_i386_translations.tar.gz Checksums-Sha256: 4e642d48d4ea39949d4f9803b3af5ebe1083c0803e66a0b698cbeb297c22145f 400312 openssl_0.9.8k-7ubuntu8.22_i386.deb 8ea5a5385489aa814001a878de8e3bff6c87b2584e87e1d3531c25163dd0299e 651678 openssl-doc_0.9.8k-7ubuntu8.22_all.deb d72478794dfb42bcb994233606289af7e4b501d56c48bc234db29c0b8997a64e 3035528 libssl0.9.8_0.9.8k-7ubuntu8.22_i386.deb 679b629e6e15f9ad0026fec96d81a783c89b0c8fcf6d4a7784ad6dcade89f0d1 583146 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.22_i386.udeb 0585d5c20c6419c2c1b8b60838f6fd5dcecc5d17dbf3b93f8a705119805faab1 133846 libssl0.9.8-udeb_0.9.8k-7ubuntu8.22_i386.udeb bae831614f3d079eb105f3519e42a47bf307aca278d01e3b1105bd6faf28cb85 2022768 libssl-dev_0.9.8k-7ubuntu8.22_i386.deb c54d84c2b9000ea0e23f96f069349e74e707d9adf884945f4a26584bc4066d87 5881446 libssl0.9.8-dbg_0.9.8k-7ubuntu8.22_i386.deb da5a39e07a94a5a4ca219dac4951b1f1a9bbd01d4b6fd59bfcf0223eb6737e4c 18561 openssl_0.9.8k-7ubuntu8.22_i386_translations.tar.gz Files: a78674e74857db12cda088d697739c9b 400312 utils optional openssl_0.9.8k-7ubuntu8.22_i386.deb b24968a1ba9e67439d4c6890cc36f460 651678 doc optional openssl-doc_0.9.8k-7ubuntu8.22_all.deb d86068944f817fea7f54809dd2abcb88 3035528 libs important libssl0.9.8_0.9.8k-7ubuntu8.22_i386.deb 40aed595971bc8fa3eb44138d89fc4fe 583146 debian-installer optional libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.22_i386.udeb a5b1b24082deb7da1dddfe6d9b5b91fb 133846 debian-installer optional libssl0.9.8-udeb_0.9.8k-7ubuntu8.22_i386.udeb c1dc5445650e89ec1d2d9ebd9cc635ca 2022768 libdevel optional libssl-dev_0.9.8k-7ubuntu8.22_i386.deb bf2492285056ab7b1d03747296070d12 5881446 debug extra libssl0.9.8-dbg_0.9.8k-7ubuntu8.22_i386.deb 66522ed03ee17310ad6761d9d67fa03e 18561 raw-translations - openssl_0.9.8k-7ubuntu8.22_i386_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb