Format: 1.8 Date: Thu, 19 Mar 2015 10:04:30 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: armhf armhf_translations Version: 1.0.1f-1ubuntu2.11 Distribution: trusty Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu2.11) trusty-security; urgency=medium . * SECURITY UPDATE: denial of service and possible memory corruption via malformed EC private key - debian/patches/CVE-2015-0209.patch: fix use after free in crypto/ec/ec_asn1.c. - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c. - CVE-2015-0209 * SECURITY UPDATE: denial of service via cert verification - debian/patches/CVE-2015-0286.patch: handle boolean types in crypto/asn1/a_type.c. - CVE-2015-0286 * SECURITY UPDATE: ASN.1 structure reuse memory corruption - debian/patches/CVE-2015-0287.patch: free up structures in crypto/asn1/tasn_dec.c. - CVE-2015-0287 * SECURITY UPDATE: denial of service via invalid certificate key - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in crypto/x509/x509_req.c. - CVE-2015-0288 * SECURITY UPDATE: denial of service and possible code execution via PKCS#7 parsing - debian/patches/CVE-2015-0289.patch: handle missing content in crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c. - CVE-2015-0289 * SECURITY UPDATE: denial of service or memory corruption via base64 decoding - debian/patches/CVE-2015-0292.patch: prevent underflow in crypto/evp/encode.c. - CVE-2015-0292 * SECURITY UPDATE: denial of service via assert in SSLv2 servers - debian/patches/CVE-2015-0293.patch: check key lengths in ssl/s2_lib.c, ssl/s2_srvr.c. - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in ssl/s2_srvr.c. - CVE-2015-0293 Checksums-Sha1: dbde96cc99b419fb5fc65ca515bd484bce59865a 488540 openssl_1.0.1f-1ubuntu2.11_armhf.deb 273227775fa4362bd9b427311325e2d4e8112c2d 657534 libssl1.0.0_1.0.1f-1ubuntu2.11_armhf.deb ec5a81b2d2fa52b418354af886a929c362311a27 471734 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_armhf.udeb feb6b6748a5a1667fdfe9c9b030b757b166827d2 102730 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_armhf.udeb 07cd716bed616a53f0f3b975aee69fd30e29137c 911238 libssl-dev_1.0.1f-1ubuntu2.11_armhf.deb 37cc76fd8bb13a74aa0d4b44976cff861e0324ad 2535060 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_armhf.deb 4251c36c782209a8d62d646d6f8a7d699eb99089 20611 openssl_1.0.1f-1ubuntu2.11_armhf_translations.tar.gz Checksums-Sha256: ef914d231465886dd33f3c08d9cd5ebf3e9414c67863f92e6b1fcb52c2364fee 488540 openssl_1.0.1f-1ubuntu2.11_armhf.deb 1343f7a42358dfbce02e80f10e9eb6e26bd12c3cda868f6266474c1672276720 657534 libssl1.0.0_1.0.1f-1ubuntu2.11_armhf.deb d24348032d6669391719065504f51fcde56b5b0941a6586148f2c29e7f0544e9 471734 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_armhf.udeb c2b64476c934159207fbe39022024dc2b7404d9a42d339a483912ad11efab177 102730 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_armhf.udeb 3c0af69a9991364d75975e1ef2e829f9010ee60516cd6e81e3933443954280cb 911238 libssl-dev_1.0.1f-1ubuntu2.11_armhf.deb e8588ff7cf384ae29586dd9af8e093dfa2e5707dcd7c33ba3eb099d86e13972c 2535060 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_armhf.deb 852d71bbf425a5bbe42d8118bfd79b5702de39fcc6dc818f0e6a541e6c59996c 20611 openssl_1.0.1f-1ubuntu2.11_armhf_translations.tar.gz Files: bc72673247f78b2f042ebfe4b8911bbf 488540 utils optional openssl_1.0.1f-1ubuntu2.11_armhf.deb 66a557b432de59c715ab0330787b4e86 657534 libs important libssl1.0.0_1.0.1f-1ubuntu2.11_armhf.deb acb20ffb21183f59aacc1d09b013c860 471734 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_armhf.udeb 306d8dc5d82c688b2d3cb44c5980c068 102730 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_armhf.udeb e53a4070fd87fff0bdab0b2b70a9eaa1 911238 libdevel optional libssl-dev_1.0.1f-1ubuntu2.11_armhf.deb bcf2ed2f1aa7d1cefde9111164cc47f5 2535060 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_armhf.deb 251b287b439750031f315a8c928eacfd 20611 raw-translations - openssl_1.0.1f-1ubuntu2.11_armhf_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb