Format: 1.8
Date: Fri, 09 Jan 2015 11:16:50 -0500
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: i386 all i386_translations
Version: 0.9.8k-7ubuntu8.23
Distribution: lucid
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes:
 openssl (0.9.8k-7ubuntu8.23) lucid-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service via unexpected handshake when
     no-ssl3 build option is used (not the default)
     - debian/patches/CVE-2014-3569.patch: keep the old method for now in
       ssl/s23_srvr.c.
     - CVE-2014-3569
   * SECURITY UPDATE: bignum squaring may produce incorrect results
     - debian/patches/CVE-2014-3570.patch: fix bignum logic in
       crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
       crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
     - CVE-2014-3570
   * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
     - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
       ssl/s3_pkt.c.
     - CVE-2014-3571
   * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
     - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
       ssl/s3_clnt.c.
     - CVE-2014-3572
   * SECURITY UPDATE: certificate fingerprints can be modified
     - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
       crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
       crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
       crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
       crypto/x509/x_all.c, util/libeay.num.
     - CVE-2014-8275
   * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
     - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
       export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
       ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
       doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
     - CVE-2015-0204
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb