Format: 1.8
Date: Fri, 09 Jan 2015 11:16:50 -0500
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: sparc sparc_translations
Version: 0.9.8k-7ubuntu8.23
Distribution: lucid
Urgency: medium
Maintainer: Ubuntu/sparc Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes:
 openssl (0.9.8k-7ubuntu8.23) lucid-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service via unexpected handshake when
     no-ssl3 build option is used (not the default)
     - debian/patches/CVE-2014-3569.patch: keep the old method for now in
       ssl/s23_srvr.c.
     - CVE-2014-3569
   * SECURITY UPDATE: bignum squaring may produce incorrect results
     - debian/patches/CVE-2014-3570.patch: fix bignum logic in
       crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
       crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
     - CVE-2014-3570
   * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
     - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
       ssl/s3_pkt.c.
     - CVE-2014-3571
   * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
     - debian/patches/CVE-2014-3572.patch: don't skip server key exchange
       in ssl/s3_clnt.c.
     - CVE-2014-3572
   * SECURITY UPDATE: certificate fingerprints can be modified
     - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues
       in crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c,
       crypto/asn1/a_verify.c, crypto/asn1/asn1.h, crypto/asn1/asn1_err.c,
       crypto/asn1/x_algor.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c,
       crypto/x509/x509.h, crypto/x509/x_all.c, util/libeay.num.
     - CVE-2014-8275
   * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
     - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
       export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
       ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
       doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
     - CVE-2015-0204
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb