Format: 1.8 Date: Thu, 19 Mar 2015 10:04:30 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: amd64 amd64_translations Version: 1.0.1f-1ubuntu2.11 Distribution: trusty Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu2.11) trusty-security; urgency=medium . * SECURITY UPDATE: denial of service and possible memory corruption via malformed EC private key - debian/patches/CVE-2015-0209.patch: fix use after free in crypto/ec/ec_asn1.c. - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c. - CVE-2015-0209 * SECURITY UPDATE: denial of service via cert verification - debian/patches/CVE-2015-0286.patch: handle boolean types in crypto/asn1/a_type.c. - CVE-2015-0286 * SECURITY UPDATE: ASN.1 structure reuse memory corruption - debian/patches/CVE-2015-0287.patch: free up structures in crypto/asn1/tasn_dec.c. - CVE-2015-0287 * SECURITY UPDATE: denial of service via invalid certificate key - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in crypto/x509/x509_req.c. - CVE-2015-0288 * SECURITY UPDATE: denial of service and possible code execution via PKCS#7 parsing - debian/patches/CVE-2015-0289.patch: handle missing content in crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c. - CVE-2015-0289 * SECURITY UPDATE: denial of service or memory corruption via base64 decoding - debian/patches/CVE-2015-0292.patch: prevent underflow in crypto/evp/encode.c. - CVE-2015-0292 * SECURITY UPDATE: denial of service via assert in SSLv2 servers - debian/patches/CVE-2015-0293.patch: check key lengths in ssl/s2_lib.c, ssl/s2_srvr.c. - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in ssl/s2_srvr.c. - CVE-2015-0293 Checksums-Sha1: 8cc2777ace5bb0a5c7a0e4452c15c9b08e79f7b4 488422 openssl_1.0.1f-1ubuntu2.11_amd64.deb f7bf87464685ac4fdf07926343fcfbd6a7bc1654 827238 libssl1.0.0_1.0.1f-1ubuntu2.11_amd64.deb c2b95247ee3806cb74af3f5aecc5825b1d2475d3 614642 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_amd64.udeb 781a7bbf2df8476bb72bcb3445dee5e6b86a6a98 123554 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_amd64.udeb 7b3dad872a5f48d6d1de1113bb4f369128f9dea7 1072300 libssl-dev_1.0.1f-1ubuntu2.11_amd64.deb ef145315813292dde945ecd1886f4492ae70ea8c 2657160 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_amd64.deb cffc4505d9bd23f05a481f204827347314e14da6 20243 openssl_1.0.1f-1ubuntu2.11_amd64_translations.tar.gz Checksums-Sha256: fc92c43d17702f69376798f853749c15b04c479b89b74bdeb4ffbf5c0018e259 488422 openssl_1.0.1f-1ubuntu2.11_amd64.deb d9255ec47f8b442b378f96089b195a3233b83e574a7d238e5f947d8b1554e373 827238 libssl1.0.0_1.0.1f-1ubuntu2.11_amd64.deb 2e77de243cfe615aa8fda835294a65a945922de9ab9b6241d5675aa2094979b4 614642 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_amd64.udeb 98e0c08fd5525534ebb86184ead7e9abb159c2af2522186bd5dd1a1081a39ff2 123554 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_amd64.udeb 8d434fbad493bafc5c25f033f6cd6aaa10b5854c28829bf32af44c9216f133d0 1072300 libssl-dev_1.0.1f-1ubuntu2.11_amd64.deb 67cb7417a17295badd8fe71485a226bdaf299a55ba86df6e3798d137267bcd17 2657160 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_amd64.deb 895046b5140415fe26ca6df099bdf23acb70e7cf13624f65dae1f3009f5b093c 20243 openssl_1.0.1f-1ubuntu2.11_amd64_translations.tar.gz Files: cdae4554ae70cbf1d0bd3b643ac76f45 488422 utils optional openssl_1.0.1f-1ubuntu2.11_amd64.deb 3760f634dfe7001b1e0ec324d29d137d 827238 libs important libssl1.0.0_1.0.1f-1ubuntu2.11_amd64.deb 0d406bed499151d9c798f13db1e99ebe 614642 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_amd64.udeb 8c02a31a2f064c7670e6325be48d3dba 123554 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_amd64.udeb 22c9b0e1986e2d9c50cc0c31dd908a84 1072300 libdevel optional libssl-dev_1.0.1f-1ubuntu2.11_amd64.deb ca61972c7c61f7d1f626dba6160a8c6d 2657160 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_amd64.deb cbffee75deb66dd7b754b317a2ccf633 20243 raw-translations - openssl_1.0.1f-1ubuntu2.11_amd64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb