Format: 1.8
Date: Wed, 20 Jun 2018 07:32:59 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl1.0-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.2g-1ubuntu13.6
Distribution: artful-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0-dev - Secure Sockets Layer toolkit - metapackage
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2g-1ubuntu13.6) artful-security; urgency=medium
 .
   * SECURITY UPDATE: ECDSA key extraction side channel
     - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
       signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
     - CVE-2018-0495
   * SECURITY UPDATE: denial of service via long prime values
     - debian/patches/CVE-2018-0732.patch: reject excessively large primes
       in DH key generation in crypto/dh/dh_key.c.
     - CVE-2018-0732
   * SECURITY UPDATE: RSA cache timing side channel attack
     (previous update was incomplete)
     - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
       BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
       crypto/rsa/rsa_gen.c.
     - CVE-2018-0737
Checksums-Sha1:
 b7ce90db149806e1539bebba6263d3ec486fb6ef 2514 openssl_1.0.2g-1ubuntu13.6.dsc
 dc3a39f2956a539453d31b29b26712adef64ac59 125684 openssl_1.0.2g-1ubuntu13.6.debian.tar.xz
 7d54d4707d1b4f6558f741e69810affb7d58de32 5826 openssl_1.0.2g-1ubuntu13.6_source.buildinfo
Checksums-Sha256:
 614314a3d2c9093b284c74d88a09e90ef212990abfde47f00ce97bba2ffcaee4 2514 openssl_1.0.2g-1ubuntu13.6.dsc
 88cccaa57f706344ec42e4ca4bfcc892858fe5d50b2215ba42308f49d1cc5df9 125684 openssl_1.0.2g-1ubuntu13.6.debian.tar.xz
 c4a1e3403c9df40ae3e258d4c484023c86af2eed6c5965a14884194cb1fab233 5826 openssl_1.0.2g-1ubuntu13.6_source.buildinfo
Files:
 6da1fb6716a333720539da1e20acf2e5 2514 utils optional openssl_1.0.2g-1ubuntu13.6.dsc
 6ab81dbff481df4f05f886ad1c77eae4 125684 utils optional openssl_1.0.2g-1ubuntu13.6.debian.tar.xz
 376567998989eb07f19099acf16dba22 5826 utils optional openssl_1.0.2g-1ubuntu13.6_source.buildinfo
Original-Maintainer: Debian OpenSSL Team