Format: 1.8 Date: Mon, 06 Feb 2023 12:57:17 -0500 Source: openssl Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc Architecture: i386 i386_translations Version: 1.1.1-1ubuntu2.1~18.04.21 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer toolkit - shared libraries libssl1.1-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.1.1-1ubuntu2.1~18.04.21) bionic-security; urgency=medium . * SECURITY UPDATE: Timing Oracle in RSA Decryption - debian/patches/CVE-2022-4304.patch: fix timing oracle in crypto/bn/bn_blind.c, crypto/bn/bn_err.c, crypto/bn/bn_lcl.h, crypto/bn/rsa_sup_mul.c, crypto/err/openssl.txt, crypto/rsa/rsa_ossl.c, include/openssl/bnerr.h, crypto/include/internal/bn_int.h, crypto/bn/build.info. - CVE-2022-4304 * SECURITY UPDATE: Double free after calling PEM_read_bio_ex - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c. - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c. - CVE-2022-4450 * SECURITY UPDATE: Use-after-free following BIO_new_NDEF - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug in BIO_new_NDEF in crypto/asn1/bio_ndef.c. - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO setup with -stream is handled correctly in test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem. - CVE-2023-0215 * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h, test/v3nametest.c. - CVE-2023-0286 Checksums-Sha1: 21ada02a9c7c6f27774d510608809dbe96faf9ca 1060720 libcrypto1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_i386.udeb 9a66cc5397fb9483c44669822cd9d8e687d89687 1599944 libssl-dev_1.1.1-1ubuntu2.1~18.04.21_i386.deb e48282d7145627ee571a19ee05cf6fc4e53dff64 2758304 libssl1.1-dbgsym_1.1.1-1ubuntu2.1~18.04.21_i386.ddeb fd7881a46a17e68c6c18dcb40bfe4824be61d134 209008 libssl1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_i386.udeb 72c1be4d18ceb2dd58cd24370fec10f99cebb627 1305528 libssl1.1_1.1.1-1ubuntu2.1~18.04.21_i386.deb 228fe4f3f50c809f33aff9006d08ba83cbb871a1 489444 openssl-dbgsym_1.1.1-1ubuntu2.1~18.04.21_i386.ddeb 034691645d291c24235b6310a0cbd9717cf554b5 7565 openssl_1.1.1-1ubuntu2.1~18.04.21_i386.buildinfo 3166903b6305ea7cd10685f5d021da4ec9f96c38 626556 openssl_1.1.1-1ubuntu2.1~18.04.21_i386.deb 80d0f47030be1d85b67edc3468e25cc27e64f948 26560 openssl_1.1.1-1ubuntu2.1~18.04.21_i386_translations.tar.gz Checksums-Sha256: 644b4859c554b853af43d251e5e4831e46c8c5299d3ee301fcd62a49f51ac290 1060720 libcrypto1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_i386.udeb 7559d0badd73e7888fc5f7f948b3b57a3294ad50a8ff60dc69b495e1eb1d66f3 1599944 libssl-dev_1.1.1-1ubuntu2.1~18.04.21_i386.deb 476a4c792715e85cf571b7871f1a1bbd2e074d8f63f3ec5c02405bacc8f06682 2758304 libssl1.1-dbgsym_1.1.1-1ubuntu2.1~18.04.21_i386.ddeb 6c3053e0ee5757a4f8d4b1fe7ed96af48a3d0c1ca0e4701c0a623c819e533746 209008 libssl1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_i386.udeb 316058eecd93c436a5e0c8291192926cde242826bb695ed56b56aefdc592cd56 1305528 libssl1.1_1.1.1-1ubuntu2.1~18.04.21_i386.deb 338cc9a41148b58bab90e8fda90dfc15bce857342a0104b9234f9e5860a83e73 489444 openssl-dbgsym_1.1.1-1ubuntu2.1~18.04.21_i386.ddeb 9962da1ece2aa32c9782dda3acee873f02972fa13242bd986c2e1c76bdd5ae59 7565 openssl_1.1.1-1ubuntu2.1~18.04.21_i386.buildinfo 1515a53e770e8b814d543a956bb411c47f0a74371875da56111acd20cb168b30 626556 openssl_1.1.1-1ubuntu2.1~18.04.21_i386.deb 75f22db7bb34e0b2819f78f67d74d3a7f1786fcbdd07ab750e7e0a2cdac566c2 26560 openssl_1.1.1-1ubuntu2.1~18.04.21_i386_translations.tar.gz Files: bdb1c12579fd92c9dda6b34cb76849d5 1060720 debian-installer optional libcrypto1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_i386.udeb da18029546e55a496d8de4a1a4c3b98d 1599944 libdevel optional libssl-dev_1.1.1-1ubuntu2.1~18.04.21_i386.deb dd100c6986c5704d1047d050312b9def 2758304 debug optional libssl1.1-dbgsym_1.1.1-1ubuntu2.1~18.04.21_i386.ddeb ca58c9820ab4382572cf4f0f05d66a91 209008 debian-installer optional libssl1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_i386.udeb 1611781e805f629697e8db761adcf6cd 1305528 libs optional libssl1.1_1.1.1-1ubuntu2.1~18.04.21_i386.deb 70db8b7095b780be5fc16a863a1c2a8a 489444 debug optional openssl-dbgsym_1.1.1-1ubuntu2.1~18.04.21_i386.ddeb bef98b746bfa0d1c41156b5c2792f67d 7565 utils optional openssl_1.1.1-1ubuntu2.1~18.04.21_i386.buildinfo 99c17942fc1ee96ec90ec729390540c7 626556 utils optional openssl_1.1.1-1ubuntu2.1~18.04.21_i386.deb 723b724fbba40d660efb51458b4a2349 26560 raw-translations - openssl_1.1.1-1ubuntu2.1~18.04.21_i386_translations.tar.gz Original-Maintainer: Debian OpenSSL Team