Format: 1.8
Date: Fri, 09 Jan 2015 09:57:48 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: armhf armhf_translations
Version: 1.0.1f-1ubuntu2.8
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/armhf Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.1f-1ubuntu2.8) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service via unexpected handshake when no-ssl3
     build option is used (not the default)
     - debian/patches/CVE-2014-3569.patch: keep the old method for now in
       ssl/s23_srvr.c.
     - CVE-2014-3569
   * SECURITY UPDATE: bignum squaring may produce incorrect results
     - debian/patches/CVE-2014-3570.patch: fix bignum logic in
       crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, crypto/bn/bn_asm.c,
       removed crypto/bn/asm/mips3.s, added test to crypto/bn/bntest.c.
     - CVE-2014-3570
   * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
     - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
       ssl/s3_pkt.c.
     - debian/patches/CVE-2014-3571-2.patch: make code more obvious in
       ssl/d1_pkt.c.
     - CVE-2014-3571
   * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
     - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
       ssl/s3_clnt.c.
     - CVE-2014-3572
   * SECURITY UPDATE: certificate fingerprints can be modified
     - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
       crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
       crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
       crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
       crypto/x509/x_all.c.
     - CVE-2014-8275
   * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
     - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
       export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
       ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
       doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
     - CVE-2015-0204
   * SECURITY UPDATE: DH client certificates accepted without verification
     - debian/patches/CVE-2015-0205.patch: prevent use of DH client
       certificates without sending certificate verify message in
       ssl/s3_srvr.c.
     - CVE-2015-0205
   * SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
     - debian/patches/CVE-2015-0206.patch: properly handle failures in
       ssl/d1_pkt.c.
     - CVE-2015-0206
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb