Format: 1.8 Date: Thu, 19 Mar 2015 09:57:59 -0400 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: sparc sparc_translations Version: 0.9.8k-7ubuntu8.27 Distribution: lucid Urgency: medium Maintainer: Ubuntu/sparc Build Daemon Changed-By: Marc Deslauriers Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto libssl0.9.8-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Changes: openssl (0.9.8k-7ubuntu8.27) lucid-security; urgency=medium . * SECURITY UPDATE: denial of service and possible memory corruption via malformed EC private key - debian/patches/CVE-2015-0209.patch: fix use after free in crypto/ec/ec_asn1.c. - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c. - CVE-2015-0209 * SECURITY UPDATE: denial of service via cert verification - debian/patches/CVE-2015-0286.patch: handle boolean types in crypto/asn1/a_type.c. - CVE-2015-0286 * SECURITY UPDATE: ASN.1 structure reuse memory corruption - debian/patches/CVE-2015-0287.patch: free up structures in crypto/asn1/tasn_dec.c. - CVE-2015-0287 * SECURITY UPDATE: denial of service via invalid certificate key - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in crypto/x509/x509_req.c. - CVE-2015-0288 * SECURITY UPDATE: denial of service and possible code execution via PKCS#7 parsing - debian/patches/CVE-2015-0289.patch: handle missing content in crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c. - CVE-2015-0289 * SECURITY UPDATE: denial of service or memory corruption via base64 decoding - debian/patches/CVE-2015-0292.patch: prevent underflow in crypto/evp/encode.c. - CVE-2015-0292 * SECURITY UPDATE: denial of service via assert in SSLv2 servers - debian/patches/CVE-2015-0293.patch: check key lengths in ssl/s2_lib.c, ssl/s2_srvr.c. - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in ssl/s2_srvr.c. - CVE-2015-0293 Checksums-Sha1: d6681c3fb42b221d4d33441c6923c46efc605ecf 419426 openssl_0.9.8k-7ubuntu8.27_sparc.deb 38d6766062598db385001d05f8549b8a782e5d3a 2373600 libssl0.9.8_0.9.8k-7ubuntu8.27_sparc.deb cd3392ff153dc0fc6323297dae8ea54dd2e2e263 599078 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.27_sparc.udeb b8436c0c3cd215a385f3d34c951b15642b69d48b 130248 libssl0.9.8-udeb_0.9.8k-7ubuntu8.27_sparc.udeb 6e5e76510cb31b9fedb4e14deec51287e7077fcb 2072792 libssl-dev_0.9.8k-7ubuntu8.27_sparc.deb b42e647d245bad8a8c8f54f457d6f15b6e463d2c 4154104 libssl0.9.8-dbg_0.9.8k-7ubuntu8.27_sparc.deb 461c2ae3ab91cb83278cd32813e44a5bb2d4799e 18465 openssl_0.9.8k-7ubuntu8.27_sparc_translations.tar.gz Checksums-Sha256: d7af91e19f84f28d2ec89cbc8a2234e30350ce2a1080a80743669a6e86673b1b 419426 openssl_0.9.8k-7ubuntu8.27_sparc.deb 65b36cedd9a10d65e713099eefd1d40bd53f3efa9798b41efbb2d06f2aa22ee5 2373600 libssl0.9.8_0.9.8k-7ubuntu8.27_sparc.deb cf3115143bd57d29ccee832ba0d8261272f554a8338b4479aa15bc81df739060 599078 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.27_sparc.udeb 86a0b6671ecea322018368667ac57c7b8992bd450e3464fd84e5aad638299637 130248 libssl0.9.8-udeb_0.9.8k-7ubuntu8.27_sparc.udeb e3be0ae3759fa48f4e0a931c71d2906d077a2411e50ae14654f54a9794a31336 2072792 libssl-dev_0.9.8k-7ubuntu8.27_sparc.deb ed219243502fc0f2c792e2bd7c603ae480570c47f5d28f5d987ee8adec74e11c 4154104 libssl0.9.8-dbg_0.9.8k-7ubuntu8.27_sparc.deb 49ef4a101574efc1ca76029707779637e7270eb94d4e5a421ecf90868c738a75 18465 openssl_0.9.8k-7ubuntu8.27_sparc_translations.tar.gz Files: 4590e7379e1c330836679ab8780e5961 419426 utils optional openssl_0.9.8k-7ubuntu8.27_sparc.deb 8ee80f14d3652d442bbe573cf20e937d 2373600 libs important libssl0.9.8_0.9.8k-7ubuntu8.27_sparc.deb dcb01bdb348f94a7769bb19f4d2491e5 599078 debian-installer optional libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.27_sparc.udeb 05637435fe04b9d142b4ee6da9ded846 130248 debian-installer optional libssl0.9.8-udeb_0.9.8k-7ubuntu8.27_sparc.udeb 94209b32680ed72bd0d0b28a756fb2c1 2072792 libdevel optional libssl-dev_0.9.8k-7ubuntu8.27_sparc.deb a7f8b4a01cebc40c7aa3a5a1ca155169 4154104 debug extra libssl0.9.8-dbg_0.9.8k-7ubuntu8.27_sparc.deb abb9e279ca3b98030985a06e5d56b46e 18465 raw-translations - openssl_0.9.8k-7ubuntu8.27_sparc_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb