Format: 1.8
Date: Thu, 22 Sep 2016 08:22:22 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: powerpc powerpc_translations
Version: 1.0.2g-1ubuntu4.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@denneed04.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2g-1ubuntu4.4) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Pointer arithmetic undefined behaviour
     - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
       arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
     - CVE-2016-2177
   * SECURITY UPDATE: Constant time flag not preserved in DSA signing
     - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
       crypto/dsa/dsa_ossl.c.
     - CVE-2016-2178
   * SECURITY UPDATE: DTLS buffered message DoS
     - debian/patches/CVE-2016-2179.patch: fix queue handling in
       ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
       ssl/ssl_locl.h.
     - CVE-2016-2179
   * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
     - debian/patches/CVE-2016-2180.patch: fix text handling in
       crypto/ts/ts_lib.c.
     - CVE-2016-2180
   * SECURITY UPDATE: DTLS replay protection DoS
     - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
       records in ssl/d1_pkt.c.
     - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
       in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
     - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
     - CVE-2016-2181
   * SECURITY UPDATE: OOB write in BN_bn2dec()
     - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
       crypto/bn/bn_print.c.
     - CVE-2016-2182
   * SECURITY UPDATE: SWEET32 Mitigation
     - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
       to MEDIUM in ssl/s3_lib.c.
     - CVE-2016-2183
   * SECURITY UPDATE: Malformed SHA512 ticket DoS
     - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
       ssl/t1_lib.c.
     - CVE-2016-6302
   * SECURITY UPDATE: OOB write in MDC2_Update()
     - debian/patches/CVE-2016-6303.patch: avoid overflow in
       crypto/mdc2/mdc2dgst.c.
     - CVE-2016-6303
   * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
     - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
       handshake in ssl/t1_lib.c.
     - CVE-2016-6304
   * SECURITY UPDATE: Certificate message OOB reads
     - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
       ssl/s3_srvr.c.
     - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
       larger in ssl/d1_both.c, ssl/s3_both.c.
     - CVE-2016-6306
Checksums-Sha1:
 8bdfcf7e0bc4f707748bb2f299bde1d1bb07c5d3 936 libcrypto1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 67b6f5321df6ded6a3c8633765499ad592a23474 523270 libcrypto1.0.0-udeb_1.0.2g-1ubuntu4.4_powerpc.udeb
 bc69dfc55f75c4463ed9909f6496ecb392f38b06 926 libssl-dev-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 e1101c007380b9575b0be82d652caefda3d913b6 985306 libssl-dev_1.0.2g-1ubuntu4.4_powerpc.deb
 fcbb3599c3212a98577c49cd21244a6ddd528b5b 2734518 libssl1.0.0-dbg_1.0.2g-1ubuntu4.4_powerpc.deb
 8c725ed8b6e1eab565701a5dc290b224cf6294e3 904 libssl1.0.0-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 6894de4d8d145128815e7e582cce1e001f81511f 820 libssl1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 096ff1709805910aeb82da0b1fc4b1b9b86eb2c6 117406 libssl1.0.0-udeb_1.0.2g-1ubuntu4.4_powerpc.udeb
 55aebcb94de3332772039d5bbd63f525ea1b4c19 721134 libssl1.0.0_1.0.2g-1ubuntu4.4_powerpc.deb
 67bc5c92594f4dbca10e143b6242c4850a5ddf9f 1056 openssl-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 8b6dc9c0241c363fada55361c093f9390ffa7e63 465534 openssl_1.0.2g-1ubuntu4.4_powerpc.deb
 4dde9f9d761fd6c0be5f6f96ff82db52391a62e3 19991 openssl_1.0.2g-1ubuntu4.4_powerpc_translations.tar.gz
Checksums-Sha256:
 7cf4ec4b22313d84f15d53619ab1b8bdc7225b6e243a6993b6e1523d1d1e16db 936 libcrypto1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 b58a6186a6fcd18eb9e0e7c220282675b55b8f1695d6f69e702d866ae3350b46 523270 libcrypto1.0.0-udeb_1.0.2g-1ubuntu4.4_powerpc.udeb
 979afbfa7d6fc1b427f6699534c00ea3e8508900ca3fd127d59c2f0c86b53e8d 926 libssl-dev-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 55d9c0f48a25efaa28d3541e8cb3908a9d6eda4899ae31294f43dc4f899c431b 985306 libssl-dev_1.0.2g-1ubuntu4.4_powerpc.deb
 3aa1582b446754655e370a9f6019da5aafec996601ff65894473efbb699dcb72 2734518 libssl1.0.0-dbg_1.0.2g-1ubuntu4.4_powerpc.deb
 fc6c4cc1c3db169ca992a3f833ea827e448cb31b84a5d7028a6d2dd1426b8f6c 904 libssl1.0.0-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 bf771174e717a3f90b820835dbfe74747b75f010b2bca563f296094ca6d14839 820 libssl1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 8ed34710194d3bcfe03ca44dea6b0ac4e9f29f361024b2b2cfeb69b935159dad 117406 libssl1.0.0-udeb_1.0.2g-1ubuntu4.4_powerpc.udeb
 e3bd22e585c0bc4902288259e9fe0cd6758688d2935f217935e4d1c2a04ccac9 721134 libssl1.0.0_1.0.2g-1ubuntu4.4_powerpc.deb
 672115cfea6e632d3656d7b15714b0c00f7c1bf13f8ea6d041b9724646334090 1056 openssl-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 187634308bc25db80605518c766e8fd2edb951292a352e6b741b3804ce8ab527 465534 openssl_1.0.2g-1ubuntu4.4_powerpc.deb
 452cc22123274b3ccff1ccb0f81cb6e098b7ab48ad924b009dff79e306d637b1 19991 openssl_1.0.2g-1ubuntu4.4_powerpc_translations.tar.gz
Files:
 1977eb2868b1c345f07bc31086ea05da 936 debian-installer extra libcrypto1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 a77647a7b49132c8afb6d5eb251fc340 523270 debian-installer optional libcrypto1.0.0-udeb_1.0.2g-1ubuntu4.4_powerpc.udeb
 bfcd670ad383d937c0025e4a1a049ae9 926 libdevel extra libssl-dev-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 c18a20ee88f978656cb42d05f8b8820a 985306 libdevel optional libssl-dev_1.0.2g-1ubuntu4.4_powerpc.deb
 0dc47c31668d598fa5e128f502bb6eb2 2734518 debug extra libssl1.0.0-dbg_1.0.2g-1ubuntu4.4_powerpc.deb
 f99fa06c278bb8015a160cd532bdc127 904 libs extra libssl1.0.0-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 e134ac4304b3f883c5f58f4d343b741b 820 debian-installer extra libssl1.0.0-udeb-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 3055ca0c38f29af584f381254a7a1829 117406 debian-installer optional libssl1.0.0-udeb_1.0.2g-1ubuntu4.4_powerpc.udeb
 adfa7e5bce143f4126b0904a5051d090 721134 libs important libssl1.0.0_1.0.2g-1ubuntu4.4_powerpc.deb
 56c0d9e581390c8145307c3863edb12f 1056 utils extra openssl-dbgsym_1.0.2g-1ubuntu4.4_powerpc.ddeb
 4b19404a58865e19fc5596c4dfd749fe 465534 utils optional openssl_1.0.2g-1ubuntu4.4_powerpc.deb
 a3a2ab24f3063b447818f176e4770daf 19991 raw-translations - openssl_1.0.2g-1ubuntu4.4_powerpc_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb