Format: 1.8 Date: Mon, 02 Jun 2014 14:04:18 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: armhf armhf_translations Version: 1.0.1e-3ubuntu1.4 Distribution: saucy Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl-doc - SSL development documentation documentation libssl1.0.0 - SSL shared libraries libssl1.0.0-dbg - Symbol tables for libssl and libcrypto libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Changes: openssl (1.0.1e-3ubuntu1.4) saucy-security; urgency=medium . * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via ECDH null session cert - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL before dereferencing it in ssl/s3_clnt.c. - CVE-2014-3470 Checksums-Sha1: db8a27288313e27185f72dfb83f1b62d8c8a9f93 521080 openssl_1.0.1e-3ubuntu1.4_armhf.deb 8b2c164015b7527d5de18398a62e98a268c9c4e2 807824 libssl1.0.0_1.0.1e-3ubuntu1.4_armhf.deb de45e7b8cfb34795fe84947fe1f9833c0c3fb33d 472150 libcrypto1.0.0-udeb_1.0.1e-3ubuntu1.4_armhf.udeb 3c924a7974b1dff3bd503e877fccfdcce88571ad 102184 libssl1.0.0-udeb_1.0.1e-3ubuntu1.4_armhf.udeb 463301e244260185f8605edcbac6b95f53986c6d 1288462 libssl-dev_1.0.1e-3ubuntu1.4_armhf.deb 5adf1faf210a254478423cfe0d036acc45777446 2627284 libssl1.0.0-dbg_1.0.1e-3ubuntu1.4_armhf.deb 7699fbe0f8f309c0100dffdd2b819dc72ecd97a5 20212 openssl_1.0.1e-3ubuntu1.4_armhf_translations.tar.gz Checksums-Sha256: 09b20e40b994ab56ea9d0b2d36529dbb88205b8c324e82229fe9498624a5376a 521080 openssl_1.0.1e-3ubuntu1.4_armhf.deb 85e16e64076166b00db9e6fdee2cb2d114c8eb8b46d6f824a5bbc4610c8b1efc 807824 libssl1.0.0_1.0.1e-3ubuntu1.4_armhf.deb 2db1a02cb576f973d0a8ffc5f4979d5f21eac4e2cce6d9a432d5d3f75780c3db 472150 libcrypto1.0.0-udeb_1.0.1e-3ubuntu1.4_armhf.udeb ef833533788957ca70c6785001011e5f73c28e9e8c5efd9c08072e8b0d73d227 102184 libssl1.0.0-udeb_1.0.1e-3ubuntu1.4_armhf.udeb 58dc0c33792f054cd45762cd831b7d857b800d924d79c99e0e9a274e039a9813 1288462 libssl-dev_1.0.1e-3ubuntu1.4_armhf.deb b5e8a32355a8be7a1602778db8de54a4554bdd80fc9d9035a2a4cbf86f94b0c4 2627284 libssl1.0.0-dbg_1.0.1e-3ubuntu1.4_armhf.deb 080d5ef744809eb78e8a7c84b08a3bcfb0cb68fa2bec1b5076d50ff61e1c9b91 20212 openssl_1.0.1e-3ubuntu1.4_armhf_translations.tar.gz Files: 4e74006f00ae54698038666eede6195e 521080 utils optional openssl_1.0.1e-3ubuntu1.4_armhf.deb e25e50a3308c1ae2d6aa417deea446eb 807824 libs important libssl1.0.0_1.0.1e-3ubuntu1.4_armhf.deb 8e7b652320865a2cd424263fa70f5172 472150 debian-installer optional libcrypto1.0.0-udeb_1.0.1e-3ubuntu1.4_armhf.udeb 2bad0861ad025a0560fb5e057c8342aa 102184 debian-installer optional libssl1.0.0-udeb_1.0.1e-3ubuntu1.4_armhf.udeb 2caee79067dcb044fa2a12b140ae6107 1288462 libdevel optional libssl-dev_1.0.1e-3ubuntu1.4_armhf.deb dc733546efea8bccf32041df5f27dc35 2627284 debug extra libssl1.0.0-dbg_1.0.1e-3ubuntu1.4_armhf.deb d47c519a9b3120ef9b99328817589f81 20212 raw-translations - openssl_1.0.1e-3ubuntu1.4_armhf_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb