Format: 1.8
Date: Thu, 19 Mar 2015 10:04:30 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: all i386_translations i386
Version: 1.0.1f-1ubuntu2.11
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon <buildd@komainu.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes: 
 openssl (1.0.1f-1ubuntu2.11) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service and possible memory corruption via
     malformed EC private key
     - debian/patches/CVE-2015-0209.patch: fix use after free in
       crypto/ec/ec_asn1.c.
     - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
       freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
     - CVE-2015-0209
   * SECURITY UPDATE: denial of service via cert verification
     - debian/patches/CVE-2015-0286.patch: handle boolean types in
       crypto/asn1/a_type.c.
     - CVE-2015-0286
   * SECURITY UPDATE: ASN.1 structure reuse memory corruption
     - debian/patches/CVE-2015-0287.patch: free up structures in
       crypto/asn1/tasn_dec.c.
     - CVE-2015-0287
   * SECURITY UPDATE: denial of service via invalid certificate key
     - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
       crypto/x509/x509_req.c.
     - CVE-2015-0288
   * SECURITY UPDATE: denial of service and possible code execution via
     PKCS#7 parsing
     - debian/patches/CVE-2015-0289.patch: handle missing content in
       crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
     - CVE-2015-0289
   * SECURITY UPDATE: denial of service or memory corruption via base64
     decoding
     - debian/patches/CVE-2015-0292.patch: prevent underflow in
       crypto/evp/encode.c.
     - CVE-2015-0292
   * SECURITY UPDATE: denial of service via assert in SSLv2 servers
     - debian/patches/CVE-2015-0293.patch: check key lengths in
       ssl/s2_lib.c, ssl/s2_srvr.c.
     - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
       ssl/s2_srvr.c.
     - CVE-2015-0293
Checksums-Sha1: 
 198c4d30fc4ad6d99266b00fe4ff5b660c0d8ffb 967002 libssl-doc_1.0.1f-1ubuntu2.11_all.deb
 fdb03f1240f42f32d9787111645fe78ee18bc049 20059 openssl_1.0.1f-1ubuntu2.11_i386_translations.tar.gz
 ecdeccb339ae916f26473dbd996d601ea1b67045 479218 openssl_1.0.1f-1ubuntu2.11_i386.deb
 a3d9496c771f8b0c75c285acac6656ee6cb48894 778876 libssl1.0.0_1.0.1f-1ubuntu2.11_i386.deb
 73fc1b4943e3224583965ae1fece3aa11a5224b0 569552 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_i386.udeb
 6a8304eceeacfc26ed3199d8b5763a19e2718921 122034 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_i386.udeb
 16c05bf7afc51b6c779dc1e405ec8093839a0c9e 988614 libssl-dev_1.0.1f-1ubuntu2.11_i386.deb
 da597da17b91c85f38f3cb17be9ac1bd265adbd1 2346152 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_i386.deb
Checksums-Sha256: 
 510bce3201e76fca6bf97f4c42cae647ac584bb6453b2125bc4cb3f96babe34a 967002 libssl-doc_1.0.1f-1ubuntu2.11_all.deb
 51564417de1cef7bacdbf5ac6085c0eb0c8284b53eb1a456e00e1987ffd473a8 20059 openssl_1.0.1f-1ubuntu2.11_i386_translations.tar.gz
 0152e4e750d634be564c5cbaefe5e5ae29b247136eb94d28d4e014914aff6cd9 479218 openssl_1.0.1f-1ubuntu2.11_i386.deb
 302f434908711f5261801194143e9dd98331b24462e0c058c5dbec4606772b50 778876 libssl1.0.0_1.0.1f-1ubuntu2.11_i386.deb
 03fc2438e50962b611f869320d7f98f2a0689ab4f2ceaf5088def757cebf2be5 569552 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_i386.udeb
 dcc7ba964749e661ffc2da77765477ede4be901fa912211bd2f2cd2159d7b5b5 122034 libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_i386.udeb
 2c5c94e98a4f61201f8dd22ba298224e7793a993074ba4c2099b4d2e158796c8 988614 libssl-dev_1.0.1f-1ubuntu2.11_i386.deb
 9a439d5cb8453a07df0f4a7500ff95fc34f0f519cc1d853118df5883ebf83800 2346152 libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_i386.deb
Files: 
 6ccda82c680c9e98d2472d458ba4ae29 967002 doc optional libssl-doc_1.0.1f-1ubuntu2.11_all.deb
 519f8a4b842d3aaf27e07ab4474afe46 20059 raw-translations - openssl_1.0.1f-1ubuntu2.11_i386_translations.tar.gz
 368701805f246812ce085f3ebf239e5d 479218 utils optional openssl_1.0.1f-1ubuntu2.11_i386.deb
 f3a40aa4512caf171f1a0c79d68ef1eb 778876 libs important libssl1.0.0_1.0.1f-1ubuntu2.11_i386.deb
 262cbc01a5ac816660c0cc2b2c37f9d5 569552 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.11_i386.udeb
 0b8e7b4ed93a823df65174fd9f2dff6c 122034 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.11_i386.udeb
 29ba844dae966740ef092e361b353c9e 988614 libdevel optional libssl-dev_1.0.1f-1ubuntu2.11_i386.deb
 e85d13ae7e8d7c263c6a49577ec27b28 2346152 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.11_i386.deb
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb