Format: 1.8 Date: Mon, 23 Aug 2021 13:02:39 -0400 Source: openssl Binary: libcrypto1.1-udeb libssl-dev libssl1.1 libssl1.1-udeb openssl Architecture: s390x s390x_translations Version: 1.1.1f-1ubuntu2.8 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl1.1 - Secure Sockets Layer toolkit - shared libraries libssl1.1-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.1.1f-1ubuntu2.8) focal-security; urgency=medium . * SECURITY UPDATE: SM2 Decryption Buffer Overflow - debian/patches/CVE-2021-3711-1.patch: correctly calculate the length of SM2 plaintext given the ciphertext in crypto/sm2/sm2_crypt.c, crypto/sm2/sm2_pmeth.c, include/crypto/sm2.h, test/sm2_internal_test.c. - debian/patches/CVE-2021-3711-2.patch: extend tests for SM2 decryption in test/recipes/30-test_evp_data/evppkey.txt. - debian/patches/CVE-2021-3711-3.patch: check the plaintext buffer is large enough when decrypting SM2 in crypto/sm2/sm2_crypt.c. - CVE-2021-3711 * SECURITY UPDATE: Read buffer overrun in X509_aux_print() - debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in X509_aux_print() in crypto/x509/t_x509.c. - debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not assume NUL terminated strings in crypto/x509v3/v3_alt.c, crypto/x509v3/v3_utl.c, include/crypto/x509.h. - debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not assume NUL terminated strings in crypto/x509v3/v3_cpols.c. - debian/patches/CVE-2021-3712-4.patch: fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in crypto/x509v3/v3_pci.c. - debian/patches/CVE-2021-3712-5.patch: fix the name constraints code to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c. - debian/patches/CVE-2021-3712-6.patch: fix test code to not assume NUL terminated strings in test/x509_time_test.c. - debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not assume NUL terminated strings in crypto/x509v3/v3_utl.c. - debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print function to not assume NUL terminated strings in crypto/asn1/t_spki.c. - debian/patches/CVE-2021-3712-9.patch: fix EC_GROUP_new_from_ecparameters to check the base length in crypto/ec/ec_asn1.c. - debian/patches/CVE-2021-3712-10.patch: allow fuzz builds to detect string overruns in crypto/asn1/asn1_lib.c. - debian/patches/CVE-2021-3712-11.patch: fix the error handling in i2v_AUTHORITY_KEYID in crypto/x509v3/v3_akey.c. - debian/patches/CVE-2021-3712-12.patch: allow fuzz builds to detect string overruns in crypto/asn1/asn1_lib.c. - debian/patches/CVE-2021-3712-13.patch: fix the name constraints code to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c. - debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not assume NUL terminated strings in crypto/x509v3/v3_utl.c. - CVE-2021-3712 Checksums-Sha1: 3928ae1b486973de57c415d5ecdbcd3001e98f47 778896 libcrypto1.1-udeb_1.1.1f-1ubuntu2.8_s390x.udeb 111924735f1b0b717c7c48513a5d56517535df2d 1255688 libssl-dev_1.1.1f-1ubuntu2.8_s390x.deb a1e7620f6acf60896116f3b8355a0b62d75f4a74 2954128 libssl1.1-dbgsym_1.1.1f-1ubuntu2.8_s390x.ddeb a6e0ffc5cb86a35e9332869164b9c08d1d2968f1 169640 libssl1.1-udeb_1.1.1f-1ubuntu2.8_s390x.udeb 061f0edcb042d41358af08e9f894cc15c6a49675 983696 libssl1.1_1.1.1f-1ubuntu2.8_s390x.deb 471e761c36e898aa49dacd7980b915bb33e9812f 544852 openssl-dbgsym_1.1.1f-1ubuntu2.8_s390x.ddeb ffa6174dc4a0311e8f292e1f0d884204be8a865b 7220 openssl_1.1.1f-1ubuntu2.8_s390x.buildinfo eb7bd46f70869b245b53167bc23eeb471aab20f2 607564 openssl_1.1.1f-1ubuntu2.8_s390x.deb 2ee34de1e73540739847256dcc15c0bdbf134b89 27733 openssl_1.1.1f-1ubuntu2.8_s390x_translations.tar.gz Checksums-Sha256: 5e8382dd0fc1d4fbe1595152af1f986f98ead53ef747f719f217835c895e7dc9 778896 libcrypto1.1-udeb_1.1.1f-1ubuntu2.8_s390x.udeb d94b9b7c25c189f03973ebe589a5337a4add96a93272f807ac2ab6a9cf669d1b 1255688 libssl-dev_1.1.1f-1ubuntu2.8_s390x.deb fcc8235107c5ed9da2df331075c6595cfac2c7915f4e77dc1c3de53f6949c56f 2954128 libssl1.1-dbgsym_1.1.1f-1ubuntu2.8_s390x.ddeb f776a76f11a744950591eea9b3b0e2d30be9cf37ce9fe85ace7a0438a4f868bd 169640 libssl1.1-udeb_1.1.1f-1ubuntu2.8_s390x.udeb 111b4145f7395671392912295caaab6a35a04cc9c577c1604d2bb7addcb9ca6f 983696 libssl1.1_1.1.1f-1ubuntu2.8_s390x.deb 182b262a83c48bcd7abc56311bd6f9bd68213599dc36bb096f2e43ec20bb9cfa 544852 openssl-dbgsym_1.1.1f-1ubuntu2.8_s390x.ddeb 8b584df89b3c80af8951b32ba4212647d9c9bab6ccbc3140f001f5c013d6941b 7220 openssl_1.1.1f-1ubuntu2.8_s390x.buildinfo 3b0f2143d808933637c2fcfdadc04f2655022146d40af60546a07895923bb050 607564 openssl_1.1.1f-1ubuntu2.8_s390x.deb cb380c58f1e9345d85c037e79b9c9e4f275959f6f90a84e7de6a3c97cc6590e1 27733 openssl_1.1.1f-1ubuntu2.8_s390x_translations.tar.gz Files: 9fa3953b3de9b5ac04481e0cab32faf2 778896 debian-installer optional libcrypto1.1-udeb_1.1.1f-1ubuntu2.8_s390x.udeb 1f6197f14554873115f0495727f97761 1255688 libdevel optional libssl-dev_1.1.1f-1ubuntu2.8_s390x.deb 87312c3ee26169348d9b1f664d81f6d2 2954128 debug optional libssl1.1-dbgsym_1.1.1f-1ubuntu2.8_s390x.ddeb 8d52a290b4c24a5ea3f8c6585305daba 169640 debian-installer optional libssl1.1-udeb_1.1.1f-1ubuntu2.8_s390x.udeb c30f2ca4d4935d9d384983305f63fbe0 983696 libs optional libssl1.1_1.1.1f-1ubuntu2.8_s390x.deb 977a8539c0a0610a9c2dcabba9a85bba 544852 debug optional openssl-dbgsym_1.1.1f-1ubuntu2.8_s390x.ddeb 2d0a9e3d3ed3a73148a6ddeb1d0375e5 7220 utils optional openssl_1.1.1f-1ubuntu2.8_s390x.buildinfo d23e49e3170efde780a45e87a4f4d5c6 607564 utils optional openssl_1.1.1f-1ubuntu2.8_s390x.deb 60e753012bcb3c39be45341123812e70 27733 raw-translations - openssl_1.1.1f-1ubuntu2.8_s390x_translations.tar.gz Original-Maintainer: Debian OpenSSL Team