Format: 1.8
Date: Mon, 02 Jun 2014 13:57:34 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: amd64 amd64_translations
Version: 1.0.1f-1ubuntu2.2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon <buildd@brownie.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes: 
 openssl (1.0.1f-1ubuntu2.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
     - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
       fragments in ssl/d1_both.c.
     - CVE-2014-0195
   * SECURITY UPDATE: denial of service via DTLS recursion flaw
     - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
       recursion in ssl/d1_both.c.
     - CVE-2014-0221
   * SECURITY UPDATE: MITM via change cipher spec
     - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
       when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
       ssl/ssl3.h.
     - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
       secrets in ssl/s3_pkt.c.
     - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
       ssl/s3_clnt.c.
     - CVE-2014-0224
   * SECURITY UPDATE: denial of service via ECDH null session cert
     - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
       before dereferencing it in ssl/s3_clnt.c.
     - CVE-2014-3470
Checksums-Sha1: 
 7a5f91d6d1da42d00dd1ebe9cf77747da703fe20 487882 openssl_1.0.1f-1ubuntu2.2_amd64.deb
 03103eeffe9715fcc23b4ff1c93d9812abbad295 825876 libssl1.0.0_1.0.1f-1ubuntu2.2_amd64.deb
 13c28ba36229e4ccb117b06aef461ad1a84556ed 614210 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_amd64.udeb
 141e9ed67f2a2d225bc738825809def85f6a3d4a 122832 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_amd64.udeb
 b2307ea4422776aabdf1727cec178203d0bcb279 1066408 libssl-dev_1.0.1f-1ubuntu2.2_amd64.deb
 64ccb34936e2d971b8b3ec84e2d43c9c33fbc67b 2654262 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_amd64.deb
 f8b04f6ce637231409205f89deb27170a34ca549 20398 openssl_1.0.1f-1ubuntu2.2_amd64_translations.tar.gz
Checksums-Sha256: 
 2a6c08b5058ab6dea68aaf1bf5463c84c8c034849766fdf56db11e287e146e29 487882 openssl_1.0.1f-1ubuntu2.2_amd64.deb
 9344e4e912428d69fbdccaa92a7dd09bdc192c48ae0ee7ea31d3010e8e3adb77 825876 libssl1.0.0_1.0.1f-1ubuntu2.2_amd64.deb
 dfda300c3601e9528bca72fea565146087b7056b342b71c930c05c387e009512 614210 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_amd64.udeb
 76d0befce11ba9dec34cddacdd6a37a53b56e85d3d49af82654ca82be779abea 122832 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_amd64.udeb
 afbffac225a46a002414ca6c63e31538eeffcce5f60196ab9504678f9c3712d8 1066408 libssl-dev_1.0.1f-1ubuntu2.2_amd64.deb
 c3bd2c4eb10abcdc9609ab6035b796df1ab39a3ba46ec8acfb2f92eb542dc2af 2654262 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_amd64.deb
 9281065cd6c6484176b2dad9e87644783e0c00bc0bae738deaf47d27c7ed95d6 20398 openssl_1.0.1f-1ubuntu2.2_amd64_translations.tar.gz
Files: 
 865a371744e9bde9de629c6e2002b503 487882 utils optional openssl_1.0.1f-1ubuntu2.2_amd64.deb
 b753d80e56b9d53665aeec5901b18b83 825876 libs important libssl1.0.0_1.0.1f-1ubuntu2.2_amd64.deb
 a09b1f7616b3c8cfaaf9df09d8ac456e 614210 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_amd64.udeb
 30bc4c9204287fe2c7e0321caddb1499 122832 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_amd64.udeb
 2e8aa9fd706052c77f2ac368e9ede8c8 1066408 libdevel optional libssl-dev_1.0.1f-1ubuntu2.2_amd64.deb
 7c68be49bb991bb23e4365bf91694d02 2654262 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_amd64.deb
 0681ec38c021558b0ea97b83e53bca66 20398 raw-translations - openssl_1.0.1f-1ubuntu2.2_amd64_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb