Format: 1.8 Date: Mon, 02 Jun 2014 14:05:34 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: armel armel_translations Version: 1.0.1-4ubuntu5.14 Distribution: precise Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl-doc - SSL development documentation documentation libssl1.0.0 - SSL shared libraries libssl1.0.0-dbg - Symbol tables for libssl and libcrypto libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Changes: openssl (1.0.1-4ubuntu5.14) precise-security; urgency=medium . * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via ECDH null session cert - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL before dereferencing it in ssl/s3_clnt.c. - CVE-2014-3470 Checksums-Sha1: f7149b9464bea1d9555ba76732f55ff808f31130 518572 openssl_1.0.1-4ubuntu5.14_armel.deb 6fdab19a424294fd515ba4c1417b7b5adbe07bfa 802782 libssl1.0.0_1.0.1-4ubuntu5.14_armel.deb ac18e9e00ed4bb67d0803672449308c1dc9f21d8 574570 libcrypto1.0.0-udeb_1.0.1-4ubuntu5.14_armel.udeb 3b7cfe6e5b30ef171346bff2d10ca5d2b4ee6e81 123010 libssl1.0.0-udeb_1.0.1-4ubuntu5.14_armel.udeb defcce289d8a766a5c6231b62a20147ab00f5efb 1264084 libssl-dev_1.0.1-4ubuntu5.14_armel.deb 8b294ebaa0673e1ad4bff82faed09995a17c6b4c 2057182 libssl1.0.0-dbg_1.0.1-4ubuntu5.14_armel.deb 76746c640797b8c7492446eec417e85709b608d0 18760 openssl_1.0.1-4ubuntu5.14_armel_translations.tar.gz Checksums-Sha256: 6d51927d0c04af81660be8d62b79816dda452132d78b321628ea4083c00145c4 518572 openssl_1.0.1-4ubuntu5.14_armel.deb fa0cc79fac165bfc6d6bc215e65ef44087934b8c2179c2e5e287571c3d1a919f 802782 libssl1.0.0_1.0.1-4ubuntu5.14_armel.deb f7909306eeaa5dc6a405d28a3950c1c6487350c3149462c3753232a7711efcb1 574570 libcrypto1.0.0-udeb_1.0.1-4ubuntu5.14_armel.udeb 0f3480db8de7d03f5a6fbd8adfbe2626dd4e0b732eb300d4f36b8a3becef32ae 123010 libssl1.0.0-udeb_1.0.1-4ubuntu5.14_armel.udeb 7b782dc10b3ab0f86440516515659014239f53e144eee15948c73d956559acf9 1264084 libssl-dev_1.0.1-4ubuntu5.14_armel.deb 48c4e0a73176f7e54c4089882e4e4f701b3a5b4b2296bf11f965f317b5edd720 2057182 libssl1.0.0-dbg_1.0.1-4ubuntu5.14_armel.deb c723f0fbc0127812da426b0697a5652a267ea165a1736c3342be1ce1074cbb97 18760 openssl_1.0.1-4ubuntu5.14_armel_translations.tar.gz Files: 005d24aab278d64a88cf9c865a0e8cf3 518572 utils optional openssl_1.0.1-4ubuntu5.14_armel.deb aba20089b957972c8c91305d5c14ab62 802782 libs important libssl1.0.0_1.0.1-4ubuntu5.14_armel.deb 0f7d20383445b27f6056f748291700f5 574570 debian-installer optional libcrypto1.0.0-udeb_1.0.1-4ubuntu5.14_armel.udeb 9542f0e49379340c4f72f3ba29cffae4 123010 debian-installer optional libssl1.0.0-udeb_1.0.1-4ubuntu5.14_armel.udeb ad99a5510af94293d4f3f712e9ed050a 1264084 libdevel optional libssl-dev_1.0.1-4ubuntu5.14_armel.deb ca2c03a330f05bda096c6961a4b8278f 2057182 debug extra libssl1.0.0-dbg_1.0.1-4ubuntu5.14_armel.deb a9c04c1ce99a8a3ceed2370cc833472a 18760 raw-translations - openssl_1.0.1-4ubuntu5.14_armel_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb