Format: 1.8
Date: Fri, 09 Jan 2015 08:04:57 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: i386 i386_translations
Version: 1.0.1f-1ubuntu10
Distribution: vivid-proposed
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.1f-1ubuntu10) vivid; urgency=medium
 .
   * SECURITY UPDATE: denial of service via unexpected handshake when
     no-ssl3 build option is used (not the default)
     - debian/patches/CVE-2014-3569.patch: keep the old method for now in
       ssl/s23_srvr.c.
     - CVE-2014-3569
   * SECURITY UPDATE: bignum squaring may produce incorrect results
     - debian/patches/CVE-2014-3570.patch: fix bignum logic in
       crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
       crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to
       crypto/bn/bntest.c.
     - CVE-2014-3570
   * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
     - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
       ssl/s3_pkt.c.
     - debian/patches/CVE-2014-3571-2.patch: make code more obvious in
       ssl/d1_pkt.c.
     - CVE-2014-3571
   * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
     - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
       ssl/s3_clnt.c.
     - CVE-2014-3572
   * SECURITY UPDATE: certificate fingerprints can be modified
     - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
       crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
       crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
       crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
       crypto/x509/x_all.c.
     - CVE-2014-8275
   * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
     - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
       export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
       ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
       doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
     - CVE-2015-0204
   * SECURITY UPDATE: DH client certificates accepted without verification
     - debian/patches/CVE-2015-0205.patch: prevent use of DH client
       certificates without sending certificate verify message in
       ssl/s3_srvr.c.
     - CVE-2015-0205
   * SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
     - debian/patches/CVE-2015-0206.patch: properly handle failures in
       ssl/d1_pkt.c.
     - CVE-2015-0206
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb