Format: 1.8 Date: Fri, 09 Jan 2015 09:57:48 -0500 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: arm64 arm64_translations Version: 1.0.1f-1ubuntu2.8 Distribution: trusty Urgency: medium Maintainer: Ubuntu Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu2.8) trusty-security; urgency=medium . * SECURITY UPDATE: denial of service via unexpected handshake when no-ssl3 build option is used (not the default) - debian/patches/CVE-2014-3569.patch: keep the old method for now in ssl/s23_srvr.c. - CVE-2014-3569 * SECURITY UPDATE: bignum squaring may produce incorrect results - debian/patches/CVE-2014-3570.patch: fix bignum logic in crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to crypto/bn/bntest.c. - CVE-2014-3570 * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c, ssl/s3_pkt.c. - debian/patches/CVE-2014-3571-2.patch: make code more obvious in ssl/d1_pkt.c. - CVE-2014-3571 * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client] - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in ssl/s3_clnt.c. - CVE-2014-3572 * SECURITY UPDATE: certificate fingerprints can be modified - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c, crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h, crypto/x509/x_all.c. - CVE-2014-8275 * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client] - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c, ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod, doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod. - CVE-2015-0204 * SECURITY UPDATE: DH client certificates accepted without verification - debian/patches/CVE-2015-0205.patch: prevent use of DH client certificates without sending certificate verify message in ssl/s3_srvr.c. - CVE-2015-0205 * SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record - debian/patches/CVE-2015-0206.patch: properly handle failures in ssl/d1_pkt.c. - CVE-2015-0206 Checksums-Sha1: d1fe6d5ade281a23113ffa203b96d006efcefd23 475582 openssl_1.0.1f-1ubuntu2.8_arm64.deb de998e0de90ae9846ca70333b849c6b69cd6d89a 654158 libssl1.0.0_1.0.1f-1ubuntu2.8_arm64.deb 0941f29ba77f07dcd789b60e86590ca87638c348 477730 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.8_arm64.udeb a276c3f93047c6e6581c1e61e3f8bdbe8717e88c 99934 libssl1.0.0-udeb_1.0.1f-1ubuntu2.8_arm64.udeb 7813c2b5ff2816087341ce2b358539c906edb576 945748 libssl-dev_1.0.1f-1ubuntu2.8_arm64.deb 078d218ec61e1bdcdd25a9ef73f36d77d3fe4c65 2677024 libssl1.0.0-dbg_1.0.1f-1ubuntu2.8_arm64.deb d52f3258703ebc502e68c95a02ab5ac1800ac750 20439 openssl_1.0.1f-1ubuntu2.8_arm64_translations.tar.gz Checksums-Sha256: 792616bc1dc289d1b0436e35b943f6192622b90eb9f51a707501014649a4a392 475582 openssl_1.0.1f-1ubuntu2.8_arm64.deb 4dcaeb655d7501f24836c77c0dd85c229cf30a1168ba16c74f2320e16d96f7e1 654158 libssl1.0.0_1.0.1f-1ubuntu2.8_arm64.deb 3a00d0f259a7e3a538188b0490976004818f40b0894f3e85b4d1f6b00076b77c 477730 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.8_arm64.udeb ffa9e160e69b3a11a39184751af0c9376604d22197cd2bd4cb5e426b862f17d4 99934 libssl1.0.0-udeb_1.0.1f-1ubuntu2.8_arm64.udeb 9da4dea9f0475ab80d3b87bda17fa7fa7484540c916b11a04bbee930bef7e478 945748 libssl-dev_1.0.1f-1ubuntu2.8_arm64.deb a831afea720cd3d6a83fc20bac9ad61906cba8eb5538ed12b2849ee5f1057329 2677024 libssl1.0.0-dbg_1.0.1f-1ubuntu2.8_arm64.deb b36a0db3dfeba1e6d0ceae2b420d65c760521ce803074c3a1801d546d58125ed 20439 openssl_1.0.1f-1ubuntu2.8_arm64_translations.tar.gz Files: 8719ef54e23802a3b8dbceea1e8943ec 475582 utils optional openssl_1.0.1f-1ubuntu2.8_arm64.deb 733e061c07c4b4a62d1bc88d51b07ce2 654158 libs important libssl1.0.0_1.0.1f-1ubuntu2.8_arm64.deb 037e97a01c1ff2b10ce5a2daec4bf582 477730 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.8_arm64.udeb 1e597886c6b6db8a296ae19a7f30e4f7 99934 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.8_arm64.udeb 2f94d2d9e97f823abecb5f65e770a18b 945748 libdevel optional libssl-dev_1.0.1f-1ubuntu2.8_arm64.deb 545d0542712fabbf84afbc881c6ce7ba 2677024 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.8_arm64.deb 5803972de583c828701131ce857aedb2 20439 raw-translations - openssl_1.0.1f-1ubuntu2.8_arm64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb