Debian
openssl package

openssl 3.0.3-1 source package in Debian

Changelog

openssl (3.0.3-1) experimental; urgency=medium

  * Import 3.0.3
    - CVE-2022-1292 (The c_rehash script allows command injection).
    - CVE-2022-1343 (OCSP_basic_verify may incorrectly verify the response
      signing certificate).
    - CVE-2022-1434 (Incorrect MAC key used in the RC4-MD5 ciphersuite).
    - CVE-2022-1473 (Resource leakage when decoding certificates and keys).
    - Add new symbols.
  * Correct the openssl.cnf to provide proper default configuration. Thanks to
    Matthias Blümel (Closes: #1010360).
  * Use a separator in the CipherString in openssl.cnf (Closes: #948800).
  * Remove the postinst script which was used to restart daemons after a
    library upgrade. It is not updated and essentially dead code. Users are
    advised to switch to checkrestart/ needrestart or a similar service.
    Thanks to Helmut Grohne (Closes: #983722).

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 06 May 2022 22:21:52 +0200

Upload details

Uploaded by:
Debian OpenSSL Team
Uploaded to:
Experimental
Original maintainer:
Debian OpenSSL Team
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
openssl_3.0.3-1.dsc 2.6 KiB 7cc5c615c5d270ffc7425fe62486edf84057439b3d208b88892b2978ca7dec27
openssl_3.0.3.orig.tar.gz 14.4 MiB ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b
openssl_3.0.3.orig.tar.gz.asc 488 bytes 3518d826c0758ab218a318cf5f2d44abe9191d85fb598e830120def6e575cd4b
openssl_3.0.3-1.debian.tar.xz 66.5 KiB 2d063fc062e9feffc3212845cc9a96d42a102e14bb39eefab10b538593838f7d

No changes file available.

Binary packages built by this source