Format: 1.8 Date: Tue, 31 Jan 2012 01:37:33 -0800 Source: openssl Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: amd64 amd64_translations Version: 0.9.8o-1ubuntu4.6 Distribution: maverick Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Steve Beattie Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto libssl0.9.8-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools openssl-doc - Secure Socket Layer (SSL) documentation Launchpad-Bugs-Fixed: 244250 Changes: openssl (0.9.8o-1ubuntu4.6) maverick-security; urgency=low . * SECURITY UPDATE: ECDSA private key timing attack - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length - CVE-2011-1945 * SECURITY UPDATE: ECDH ciphersuite denial of service - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety - CVE-2011-3210 * SECURITY UPDATE: DTLS plaintext recovery attack - debian/patches/CVE-2011-4108.patch: perform all computations before discarding messages - CVE-2011-4108 * SECURITY UPDATE: policy check double free vulnerability - debian/patches/CVE-2011-4019.patch: only free domain policyin one location - CVE-2011-4019 * SECURITY UPDATE: SSL 3.0 block padding exposure - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding of SSL 3.0 records. - CVE-2011-4576 * SECURITY UPDATE: malformed RFC 3779 data denial of service attack - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data from triggering an assertion failure - CVE-2011-4577 * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake restart for SSL/TLS. - CVE-2011-4619 * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC - CVE-2012-0050 * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests * debian/libssl0.9.8.postinst: Only issue the reboot notification for servers by testing that the X server is not running (LP: #244250) Checksums-Sha1: 052f654940455fafd1a8b1f99ac90a272e01ed04 406006 openssl_0.9.8o-1ubuntu4.6_amd64.deb aa18441a207937576ab148aee517f87936491f54 923828 libssl0.9.8_0.9.8o-1ubuntu4.6_amd64.deb af7a30363b1f0beea1e16aee9871572907609e7b 620346 libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.6_amd64.udeb 84268bdda2e883cdc27972ff799774229c59bfb4 137518 libssl0.9.8-udeb_0.9.8o-1ubuntu4.6_amd64.udeb c55cc56403ce36212466ad41abf2fda54873225a 2150186 libssl-dev_0.9.8o-1ubuntu4.6_amd64.deb 85d53229788fd8d9c193a53f3690caf56e4dca96 1550906 libssl0.9.8-dbg_0.9.8o-1ubuntu4.6_amd64.deb f9b59368c74d35434156417d3e7853b533c7dfd6 18766 openssl_0.9.8o-1ubuntu4.6_amd64_translations.tar.gz Checksums-Sha256: 154d7c5703e3c11ac426f613bec56c96ae448d84484b218e6bf7b55421d52061 406006 openssl_0.9.8o-1ubuntu4.6_amd64.deb aff23bcce72e0aecb17ebe6512c43217d7fe3ea625ac65ebc4522bc2b842dde9 923828 libssl0.9.8_0.9.8o-1ubuntu4.6_amd64.deb 27063b8972838ec13e241cbdbc0bd091570c7187abc07394b1a6e3f6969b4666 620346 libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.6_amd64.udeb 5cabc82f5166def65e546cf1a7082ab96867fe32962046a237cd2785ebb5b8a6 137518 libssl0.9.8-udeb_0.9.8o-1ubuntu4.6_amd64.udeb 84ee8f4192c3b9f15db4738e121746e2222fc102acb20ebe29ed77768961ff06 2150186 libssl-dev_0.9.8o-1ubuntu4.6_amd64.deb ae721a050a79b45eba63f4e4186cf1879f28ba1534c854de20968fce387f398c 1550906 libssl0.9.8-dbg_0.9.8o-1ubuntu4.6_amd64.deb 89ea960ebfa938c6d0cf15e9c87f6876aad6a9813d0c04afbb2ce717be30c467 18766 openssl_0.9.8o-1ubuntu4.6_amd64_translations.tar.gz Files: d519333ecd070dd4930e8244de19b1d1 406006 utils optional openssl_0.9.8o-1ubuntu4.6_amd64.deb 6ec09ffb5277a584fc6291208ff7a6de 923828 libs important libssl0.9.8_0.9.8o-1ubuntu4.6_amd64.deb a07017b43916f6f1078a70b57a536b0f 620346 debian-installer optional libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.6_amd64.udeb d9e3d56e6f07a8ca820da9b3fced8825 137518 debian-installer optional libssl0.9.8-udeb_0.9.8o-1ubuntu4.6_amd64.udeb 9a89deb0cfbd24eb4c8b614d50f945ef 2150186 libdevel optional libssl-dev_0.9.8o-1ubuntu4.6_amd64.deb 1021fafadd4b3e54f330a2acd3147258 1550906 debug extra libssl0.9.8-dbg_0.9.8o-1ubuntu4.6_amd64.deb e153e084fc90c3a7076b5bad6708c1d2 18766 raw-translations - openssl_0.9.8o-1ubuntu4.6_amd64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb