Format: 1.8
Date: Thu, 07 Aug 2014 08:03:21 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: ppc64el ppc64el_translations
Version: 1.0.1f-1ubuntu2.5
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Build Daemon <buildd@denneed02.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes: 
 openssl (1.0.1f-1ubuntu2.5) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: double free when processing DTLS packets
     - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
     - CVE-2014-3505
   * SECURITY UPDATE: DTLS memory exhaustion
     - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
       checks in ssl/d1_both.c.
     - CVE-2014-3506
   * SECURITY UPDATE: DTLS memory leak from zero-length fragments
     - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
       in ssl/d1_both.c.
     - CVE-2014-3507
   * SECURITY UPDATE: information leak in pretty printing functions
     - debian/patches/CVE-2014-3508.patch: fix OID handling in
       crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
     - CVE-2014-3508
   * SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
     - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
     - CVE-2014-3509
   * SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
     - debian/patches/CVE-2014-3510.patch: check for server certs in
       ssl/d1_clnt.c, ssl/s3_clnt.c.
     - CVE-2014-3510
   * SECURITY UPDATE: TLS protocol downgrade attack
     - debian/patches/CVE-2014-3511.patch: properly handle fragments in
       ssl/s23_srvr.c.
     - CVE-2014-3511
   * SECURITY UPDATE: SRP buffer overrun
     - debian/patches/CVE-2014-3512.patch: check parameters in
       crypto/srp/srp_lib.c.
     - CVE-2014-3512
   * SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
     - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
       sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
       ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
     - CVE-2014-5139
Checksums-Sha1: 
 2e74515ff01db5f7c97e5687512fdd4ff58ba558 478494 openssl_1.0.1f-1ubuntu2.5_ppc64el.deb
 e07496cadcb262b77be1fa07b310583fc1377d4a 763712 libssl1.0.0_1.0.1f-1ubuntu2.5_ppc64el.deb
 a6e99da0359fbbad60853af265068b6cb66a9104 558782 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.5_ppc64el.udeb
 911c1d6bb39c80eae3d30d91c83e1fc6592f2971 116724 libssl1.0.0-udeb_1.0.1f-1ubuntu2.5_ppc64el.udeb
 b7b3b14fc6e0d99ee532c67c1964a1405dcafa4b 1104538 libssl-dev_1.0.1f-1ubuntu2.5_ppc64el.deb
 f19c9600a7caeb2f87a607d4048c5097762b3725 2855660 libssl1.0.0-dbg_1.0.1f-1ubuntu2.5_ppc64el.deb
 5969ca7de2c92715f5ac888d52170c22be93d95e 20440 openssl_1.0.1f-1ubuntu2.5_ppc64el_translations.tar.gz
Checksums-Sha256: 
 aebd6cfa3ecf5136762ed9b27843aa5ae2ef273126e3452287d593509654d528 478494 openssl_1.0.1f-1ubuntu2.5_ppc64el.deb
 5c57f30424a061785bf5fea72ef4b7c822d0b0440d2b12ea0d56137113831980 763712 libssl1.0.0_1.0.1f-1ubuntu2.5_ppc64el.deb
 6389d7bb9685aac308dba2ea5fdfff81a1ccb822d78f5c4f52af962338ca6a0b 558782 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.5_ppc64el.udeb
 8213bf3d8eac512c498bc3ed8fa910bb78a4c18311169519e795d208d712e224 116724 libssl1.0.0-udeb_1.0.1f-1ubuntu2.5_ppc64el.udeb
 e7698eccd34748437d0b842baa4636e3770f9e00ca025977c4feb4744c3c27ab 1104538 libssl-dev_1.0.1f-1ubuntu2.5_ppc64el.deb
 e514aca62632aa0095a1c49faff780f8a8ed52242b57ad53c1a1963f0b8d93da 2855660 libssl1.0.0-dbg_1.0.1f-1ubuntu2.5_ppc64el.deb
 5422f7a5b6bf4e755cba1ea163b1c8833e49bf7e777a7565a97971290a50386f 20440 openssl_1.0.1f-1ubuntu2.5_ppc64el_translations.tar.gz
Files: 
 65162a385d3f6d7b419dd443a92963d9 478494 utils optional openssl_1.0.1f-1ubuntu2.5_ppc64el.deb
 902f769013e61fedf2e626cb99aff360 763712 libs important libssl1.0.0_1.0.1f-1ubuntu2.5_ppc64el.deb
 3d8adae8f73712b5ae7c9e939a2d29f0 558782 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.5_ppc64el.udeb
 12e9720e5c3978dcce68521df979b6f2 116724 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.5_ppc64el.udeb
 1fed727d39f701419ea98315f50b4f5f 1104538 libdevel optional libssl-dev_1.0.1f-1ubuntu2.5_ppc64el.deb
 ac9518ee6be7ad17617177221e8196ba 2855660 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.5_ppc64el.deb
 9bdb2716f9b4a951b7dcb99ae3d6086c 20440 raw-translations - openssl_1.0.1f-1ubuntu2.5_ppc64el_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb