Format: 1.8 Date: Mon, 02 Jun 2014 13:57:34 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: arm64 arm64_translations Version: 1.0.1f-1ubuntu2.2 Distribution: trusty Urgency: medium Maintainer: Ubuntu Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu2.2) trusty-security; urgency=medium . * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via ECDH null session cert - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL before dereferencing it in ssl/s3_clnt.c. - CVE-2014-3470 Checksums-Sha1: ed5cc533d4a6f24a886daa56b538cc03f6e1b4ef 475184 openssl_1.0.1f-1ubuntu2.2_arm64.deb 672ce3c736128c5d142054ea218ac833993c6412 654588 libssl1.0.0_1.0.1f-1ubuntu2.2_arm64.deb 1e45892581cc53c929463c6a50ea1af8ad2154f9 476590 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_arm64.udeb b2edef0bb9e4c44069a9159462a4265755df683b 99734 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_arm64.udeb 6b8cda7f9f12e2bc72eb1907392a94c63b6a48f5 947314 libssl-dev_1.0.1f-1ubuntu2.2_arm64.deb 8a521866715cf2698a86c711f371b577335ff8ab 2675878 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_arm64.deb 2e1318425d4d1fb180ca780baa48d78a00749521 20756 openssl_1.0.1f-1ubuntu2.2_arm64_translations.tar.gz Checksums-Sha256: 46879ab81f4de9a31407e080f5c0ba0ad96cf616bcf2cd5bb767293122d8872c 475184 openssl_1.0.1f-1ubuntu2.2_arm64.deb ead23477e612b5276c6db4fef4f10977cd9b08d6847675bc386a98a185e44c5a 654588 libssl1.0.0_1.0.1f-1ubuntu2.2_arm64.deb 7d69944445b4e84db5a5ca5cac2c183509bef4f0307be17dc0071a6e4787e678 476590 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_arm64.udeb 9c6c48d3ae947b7e6c6c92105cac6b42c124e3207738fd2b94956fa0b20d1f40 99734 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_arm64.udeb 5fd00db99444bf661be2e2319be97e095518166b6bb72032fb74a898300b9cad 947314 libssl-dev_1.0.1f-1ubuntu2.2_arm64.deb daaae657fa24b64cbe6f9a29fe8ad244d78d99a5865ddd4c68f1b0461d7eeefb 2675878 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_arm64.deb d2cca6af8baddf69284ab6f73f8f29e9948fb351d3bfa63cacfd5a0b45476330 20756 openssl_1.0.1f-1ubuntu2.2_arm64_translations.tar.gz Files: 8bf8890ddb5a1265192f21ff38d58720 475184 utils optional openssl_1.0.1f-1ubuntu2.2_arm64.deb 7b8a6b7c3e100091818852a08e7a6969 654588 libs important libssl1.0.0_1.0.1f-1ubuntu2.2_arm64.deb 864d80312084d0f52ebded7e68a90663 476590 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_arm64.udeb cf1c6b948a66a19fd84a2528f5c02729 99734 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_arm64.udeb cb02a752a5cff0a90c145880456c12ce 947314 libdevel optional libssl-dev_1.0.1f-1ubuntu2.2_arm64.deb f309e2f9ba2aeb38f94bc36983ab3852 2675878 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_arm64.deb 281f00b1540268a109ddd0b2d1e572fe 20756 raw-translations - openssl_1.0.1f-1ubuntu2.2_arm64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb