Format: 1.8
Date: Mon, 23 Aug 2021 13:02:39 -0400
Source: openssl
Binary: libcrypto1.1-udeb libssl-dev libssl1.1 libssl1.1-udeb openssl
Architecture: i386 i386_translations
Version: 1.1.1f-1ubuntu2.8
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl1.1 - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1f-1ubuntu2.8) focal-security; urgency=medium
 .
   * SECURITY UPDATE: SM2 Decryption Buffer Overflow
     - debian/patches/CVE-2021-3711-1.patch: correctly calculate the length
       of SM2 plaintext given the ciphertext in crypto/sm2/sm2_crypt.c,
       crypto/sm2/sm2_pmeth.c, include/crypto/sm2.h,
       test/sm2_internal_test.c.
     - debian/patches/CVE-2021-3711-2.patch: extend tests for SM2
       decryption in test/recipes/30-test_evp_data/evppkey.txt.
     - debian/patches/CVE-2021-3711-3.patch: check the plaintext buffer is
       large enough when decrypting SM2 in crypto/sm2/sm2_crypt.c.
     - CVE-2021-3711
   * SECURITY UPDATE: Read buffer overrun in X509_aux_print()
     - debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in
       X509_aux_print() in crypto/x509/t_x509.c.
     - debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not
       assume NUL terminated strings in crypto/x509v3/v3_alt.c,
       crypto/x509v3/v3_utl.c, include/crypto/x509.h.
     - debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not
       assume NUL terminated strings in crypto/x509v3/v3_cpols.c.
     - debian/patches/CVE-2021-3712-4.patch: fix printing of
       PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in
       crypto/x509v3/v3_pci.c.
     - debian/patches/CVE-2021-3712-5.patch: fix the name constraints code
       to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
     - debian/patches/CVE-2021-3712-6.patch: fix test code to not assume
       NUL terminated strings in test/x509_time_test.c.
     - debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not
       assume NUL terminated strings in crypto/x509v3/v3_utl.c.
     - debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print
       function to not assume NUL terminated strings in
       crypto/asn1/t_spki.c.
     - debian/patches/CVE-2021-3712-9.patch: fix
       EC_GROUP_new_from_ecparameters to check the base length in
       crypto/ec/ec_asn1.c.
     - debian/patches/CVE-2021-3712-10.patch: allow fuzz builds to detect
       string overruns in crypto/asn1/asn1_lib.c.
     - debian/patches/CVE-2021-3712-11.patch: fix the error handling in
       i2v_AUTHORITY_KEYID in crypto/x509v3/v3_akey.c.
     - debian/patches/CVE-2021-3712-12.patch: allow fuzz builds to detect
       string overruns in crypto/asn1/asn1_lib.c.
     - debian/patches/CVE-2021-3712-13.patch: fix the name constraints code
       to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
     - debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not
       assume NUL terminated strings in crypto/x509v3/v3_utl.c.
     - CVE-2021-3712
Original-Maintainer: Debian OpenSSL Team