Format: 1.8
Date: Mon, 23 Aug 2021 13:02:39 -0400
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: armhf armhf_translations
Version: 1.1.1-1ubuntu2.1~18.04.13
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1 - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1-1ubuntu2.1~18.04.13) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: SM2 Decryption Buffer Overflow
     - debian/patches/CVE-2021-3711-1.patch: correctly calculate the length
       of SM2 plaintext given the ciphertext in crypto/sm2/sm2_crypt.c,
       crypto/sm2/sm2_pmeth.c, crypto/include/internal/sm2.h,
       test/sm2_internal_test.c.
     - debian/patches/CVE-2021-3711-2.patch: extend tests for SM2
       decryption in test/recipes/30-test_evp_data/evppkey.txt.
     - debian/patches/CVE-2021-3711-3.patch: check the plaintext buffer is
       large enough when decrypting SM2 in crypto/sm2/sm2_crypt.c.
     - CVE-2021-3711
   * SECURITY UPDATE: Read buffer overrun in X509_aux_print()
     - debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in
       X509_aux_print() in crypto/x509/t_x509.c.
     - debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not
       assume NUL terminated strings in crypto/x509v3/v3_alt.c,
       crypto/x509v3/v3_utl.c, crypto/include/internal/x509_int.h.
     - debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not
       assume NUL terminated strings in crypto/x509v3/v3_cpols.c.
     - debian/patches/CVE-2021-3712-4.patch: fix printing of
       PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in
       crypto/x509v3/v3_pci.c.
     - debian/patches/CVE-2021-3712-5.patch: fix the name constraints code
       to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
     - debian/patches/CVE-2021-3712-6.patch: fix test code to not assume
       NUL terminated strings in test/x509_time_test.c.
     - debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not
       assume NUL terminated strings in crypto/x509v3/v3_utl.c.
     - debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print
       function to not assume NUL terminated strings in
       crypto/asn1/t_spki.c.
     - debian/patches/CVE-2021-3712-9.patch: fix
       EC_GROUP_new_from_ecparameters to check the base length in
       crypto/ec/ec_asn1.c.
     - debian/patches/CVE-2021-3712-10.patch: allow fuzz builds to detect
       string overruns in crypto/asn1/asn1_lib.c.
     - debian/patches/CVE-2021-3712-11.patch: fix the error handling in
       i2v_AUTHORITY_KEYID in crypto/x509v3/v3_akey.c.
     - debian/patches/CVE-2021-3712-12.patch: allow fuzz builds to detect
       string overruns in crypto/asn1/asn1_lib.c.
     - debian/patches/CVE-2021-3712-13.patch: fix the name constraints code
       to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
     - debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not
       assume NUL terminated strings in crypto/x509v3/v3_utl.c.
     - CVE-2021-3712
Original-Maintainer: Debian OpenSSL Team