Format: 1.8 Date: Thu, 19 Mar 2015 10:04:30 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: arm64 arm64_translations Version: 1.0.1f-1ubuntu2.11 Distribution: trusty Urgency: medium Maintainer: Ubuntu Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu2.11) trusty-security; urgency=medium . * SECURITY UPDATE: denial of service and possible memory corruption via malformed EC private key - debian/patches/CVE-2015-0209.patch: fix use after free in crypto/ec/ec_asn1.c. - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c. - CVE-2015-0209 * SECURITY UPDATE: denial of service via cert verification - debian/patches/CVE-2015-0286.patch: handle boolean types in crypto/asn1/a_type.c. - CVE-2015-0286 * SECURITY UPDATE: ASN.1 structure reuse memory corruption - debian/patches/CVE-2015-0287.patch: free up structures in crypto/asn1/tasn_dec.c. - CVE-2015-0287 * SECURITY UPDATE: denial of service via invalid certificate key - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in crypto/x509/x509_req.c. - CVE-2015-0288 * SECURITY UPDATE: denial of service and possible code execution via PKCS#7 parsing - debian/patches/CVE-2015-0289.patch: handle missing content in crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c. - CVE-2015-0289 * SECURITY UPDATE: denial of service or memory corruption via base64 decoding - debian/patches/CVE-2015-0292.patch: prevent underflow in crypto/evp/encode.c. - CVE-2015-0292 * SECURITY UPDATE: denial of service via assert in SSLv2 servers - debian/patches/CVE-2015-0293.patch: check key lengths in ssl/s2_lib.c, ssl/s2_srvr.c. - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in ssl/s2_srvr.c. - CVE-2015-0293 Checksums-Sha1: 30a280c1398147a090c56d2ce04af20e7974bb69 475266 openssl_1.0.1f-1ubuntu2.11_arm64.deb 8d1a9ac3d654b2e3645780093dc280a64c2b88bb 657222 libssl1.0.0_1.0.1f-1ubuntu2.11_arm64.deb f97d2091d579a6321373b22470b05a7cd65eea01 476542 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_arm64.udeb eb480a9c4b7b08d1084ea3c476256a52b8826d2d 99554 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_arm64.udeb a3cc3d56e3ba04a6872db987e868cffd94836b2c 948242 libssl-dev_1.0.1f-1ubuntu2.11_arm64.deb c460fae81a48772eb63d0c960b14030db9c6956a 2678090 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_arm64.deb 871be97e172804acc64a942c170efea2d7ed83f6 20201 openssl_1.0.1f-1ubuntu2.11_arm64_translations.tar.gz Checksums-Sha256: 0fb9e55a8f1297a63a8a770bbc066df4392ff9f3dcea83565243d95a7b0a5a8b 475266 openssl_1.0.1f-1ubuntu2.11_arm64.deb 479bd9bfc33af45ba84ae1222757fb3c367eb4eb2b07c78dc74538d9c3a0e47f 657222 libssl1.0.0_1.0.1f-1ubuntu2.11_arm64.deb c3a08eb3ccec3c5b33c70a4d839c39054d88b2d1b9f0222fbb86e2329ae398ae 476542 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_arm64.udeb 5b54cede6d5c8675adf0dd41e4c1be9260fb41c687392984157d2ab478c85136 99554 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_arm64.udeb 314e5a971e89cbbd8d1f65f76564645e555997ad4fa617497db707f850769a2d 948242 libssl-dev_1.0.1f-1ubuntu2.11_arm64.deb dacc44338971606acf15d2aedc8d4ecf8946c7b7e8884c91ab80e50d40594551 2678090 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_arm64.deb 08aac873845a4cf289efda852af471b675801b7b5ea876cb3d083d2db9f7f265 20201 openssl_1.0.1f-1ubuntu2.11_arm64_translations.tar.gz Files: 365eae6fff1850b11da5a9a9f58b2566 475266 utils optional openssl_1.0.1f-1ubuntu2.11_arm64.deb b12660c097af288cbbf750eb4693c144 657222 libs important libssl1.0.0_1.0.1f-1ubuntu2.11_arm64.deb ccfd0fb552dff286c55273a0b2c83fca 476542 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_arm64.udeb d0e21c8f5516d3124f25965893783469 99554 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_arm64.udeb d4070c7e46cdcb217ffa121fc1c1aa24 948242 libdevel optional libssl-dev_1.0.1f-1ubuntu2.11_arm64.deb dd315af631e7de90d70fac4ad5cc63b2 2678090 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_arm64.deb abc9829b92e14ff24ca0b3095c0d152d 20201 raw-translations - openssl_1.0.1f-1ubuntu2.11_arm64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb