Format: 1.8
Date: Mon, 06 Feb 2023 12:57:17 -0500
Source: openssl
Binary: libcrypto1.1-udeb libssl-dev libssl1.1 libssl1.1-udeb openssl
Architecture: s390x s390x_translations
Version: 1.1.1f-1ubuntu2.17
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-s390x-020.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1f-1ubuntu2.17) focal-security; urgency=medium
 .
   * SECURITY UPDATE: Timing Oracle in RSA Decryption
     - debian/patches/CVE-2022-4304.patch: fix timing oracle in
       crypto/bn/bn_blind.c, crypto/bn/bn_err.c, crypto/bn/bn_local.h,
       crypto/bn/build.info, crypto/bn/rsa_sup_mul.c,
       crypto/err/openssl.txt, crypto/rsa/rsa_ossl.c, include/crypto/bn.h,
       include/openssl/bnerr.h.
     - CVE-2022-4304
   * SECURITY UPDATE: Double free after calling PEM_read_bio_ex
     - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
       and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
     - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
     - CVE-2022-4450
   * SECURITY UPDATE: Use-after-free following BIO_new_NDEF
     - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
       in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
     - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
       setup with -stream is handled correctly in
       test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
     - CVE-2023-0215
   * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
     - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
       x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h,
       test/v3nametest.c.
     - CVE-2023-0286
Checksums-Sha1:
 6c6ab62b1610f2a8fc8ed9ee8251703d6e053ae8 778488 libcrypto1.1-udeb_1.1.1f-1ubuntu2.17_s390x.udeb
 942ba0c93fa3c0462c8e265fd478301717673a7c 1258764 libssl-dev_1.1.1f-1ubuntu2.17_s390x.deb
 0f0d9d47a5e7aa0ac6b615a95f7889ee82cce424 2965948 libssl1.1-dbgsym_1.1.1f-1ubuntu2.17_s390x.ddeb
 fe253eb257bc5892af1844efc23f59e6cfa16bf5 169828 libssl1.1-udeb_1.1.1f-1ubuntu2.17_s390x.udeb
 5029b6074283080ebe6edcc780e93e48dc4cb5d7 984848 libssl1.1_1.1.1f-1ubuntu2.17_s390x.deb
 ec75494aa8ad2a83edd6ebc860d6cbc1a6b33b13 545128 openssl-dbgsym_1.1.1f-1ubuntu2.17_s390x.ddeb
 80cf6725dc0100e5fde9a8ea2bf2a8d15869546e 7347 openssl_1.1.1f-1ubuntu2.17_s390x.buildinfo
 9ac55c85c5665cb59399426b05e8b8485a4266d2 609048 openssl_1.1.1f-1ubuntu2.17_s390x.deb
 6e802b3cefc92e0a6320fb932eeb583a0900205e 27391 openssl_1.1.1f-1ubuntu2.17_s390x_translations.tar.gz
Checksums-Sha256:
 4cc2ac046e44819a97faf3ed67cb5bb89af38856df061fdcc5ee933eeab93ed2 778488 libcrypto1.1-udeb_1.1.1f-1ubuntu2.17_s390x.udeb
 b8f4173bbde2cc079eb0b2b031039fd4a4263fed1b873eae4f2826d1855911a5 1258764 libssl-dev_1.1.1f-1ubuntu2.17_s390x.deb
 f1cf338748b1da50ff4be244f86c3c57082bc4da2f1664e634fe48694fbd5151 2965948 libssl1.1-dbgsym_1.1.1f-1ubuntu2.17_s390x.ddeb
 78b8fbcd73e8a4a1b62cb0844e576f2d2f61ced4bf9fc53766243bb9df759792 169828 libssl1.1-udeb_1.1.1f-1ubuntu2.17_s390x.udeb
 4920dfaed0dc285a2f359ee0038681979885edbd965de1f0d1bbd2f8291e9328 984848 libssl1.1_1.1.1f-1ubuntu2.17_s390x.deb
 9d92e01286b6a115300b17eba96a32ce0477256d3d0fd8b015f0e8038620fb70 545128 openssl-dbgsym_1.1.1f-1ubuntu2.17_s390x.ddeb
 39f3c2d420f66553e7fb5fbb95011c16e939901941afcf8a9796a58cff6ec718 7347 openssl_1.1.1f-1ubuntu2.17_s390x.buildinfo
 09c0440f455138f67760b89605e920376e66ed4a7292fbd762fae49b16e67843 609048 openssl_1.1.1f-1ubuntu2.17_s390x.deb
 51bbc013e60e4aaa30b7eb5beca3f53e27b8fe0630f4166716751e3d03f68654 27391 openssl_1.1.1f-1ubuntu2.17_s390x_translations.tar.gz
Files:
 dd55541a87165abf39eda5a30b70644c 778488 debian-installer optional libcrypto1.1-udeb_1.1.1f-1ubuntu2.17_s390x.udeb
 ca876feeee550ccfa0cd4756d4923a17 1258764 libdevel optional libssl-dev_1.1.1f-1ubuntu2.17_s390x.deb
 b37f6eeb6cb597a6ecbe580cc6bf25c5 2965948 debug optional libssl1.1-dbgsym_1.1.1f-1ubuntu2.17_s390x.ddeb
 9c284a5c34207a67b0778bee77bc07d2 169828 debian-installer optional libssl1.1-udeb_1.1.1f-1ubuntu2.17_s390x.udeb
 3083974c0f40ecc3538e8a4e1ed66ba0 984848 libs optional libssl1.1_1.1.1f-1ubuntu2.17_s390x.deb
 d965a79caad769c5011984d36887ce9a 545128 debug optional openssl-dbgsym_1.1.1f-1ubuntu2.17_s390x.ddeb
 94282816fa5ad8d778aecd5033841214 7347 utils optional openssl_1.1.1f-1ubuntu2.17_s390x.buildinfo
 dfbbb23be4450baf54938d44b72bcaf6 609048 utils optional openssl_1.1.1f-1ubuntu2.17_s390x.deb
 d0b415d9f4be63b884a0c73627b8426d 27391 raw-translations - openssl_1.1.1f-1ubuntu2.17_s390x_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>