Format: 1.8
Date: Mon, 02 Jun 2014 13:57:34 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: armhf armhf_translations
Version: 1.0.1f-1ubuntu2.2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/armhf Build Daemon <buildd@kishi17.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes: 
 openssl (1.0.1f-1ubuntu2.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
     - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
       fragments in ssl/d1_both.c.
     - CVE-2014-0195
   * SECURITY UPDATE: denial of service via DTLS recursion flaw
     - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
       recursion in ssl/d1_both.c.
     - CVE-2014-0221
   * SECURITY UPDATE: MITM via change cipher spec
     - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
       when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
       ssl/ssl3.h.
     - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
       secrets in ssl/s3_pkt.c.
     - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
       ssl/s3_clnt.c.
     - CVE-2014-0224
   * SECURITY UPDATE: denial of service via ECDH null session cert
     - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
       before dereferencing it in ssl/s3_clnt.c.
     - CVE-2014-3470
Checksums-Sha1: 
 359025a60f81dd3bab73d98061cd2a34c91879e9 488084 openssl_1.0.1f-1ubuntu2.2_armhf.deb
 ebdcf60bd2ed04b463f01d19ff6f7e9b66298d85 655854 libssl1.0.0_1.0.1f-1ubuntu2.2_armhf.deb
 49bba28782bda5ed0e7403410be8d435e489a993 471158 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_armhf.udeb
 fc49431206825c78b93c44b3a1bf2bb153d4aee4 102222 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_armhf.udeb
 0864e3ac54b60332ff28d8d9eec2eed059d5a237 909594 libssl-dev_1.0.1f-1ubuntu2.2_armhf.deb
 ff896ebda5c0a34ca58a164d88e1108861598d31 2533542 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_armhf.deb
 00ee367fcdce2983e770b93f7e79154c3d8004a0 20596 openssl_1.0.1f-1ubuntu2.2_armhf_translations.tar.gz
Checksums-Sha256: 
 df2fbd3ea862aac69d2ad49e4c70be75f738bafd46369c31aa287bccb761e2b0 488084 openssl_1.0.1f-1ubuntu2.2_armhf.deb
 7b9bc1e90453e54aa91b86a4819e2edafb8dcc0314d8774c7a0c05deb4656251 655854 libssl1.0.0_1.0.1f-1ubuntu2.2_armhf.deb
 843292426228779503073dbf7f266275d459745489bebad98378fb9684d4ce2b 471158 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_armhf.udeb
 74aa955de733fcd2c303b27a5b69d6f95c67a942d3bb663c221258ae68907dc6 102222 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_armhf.udeb
 06f50b203e499641854247c6948d77cd8717979288d57651b38d8aecab384ec7 909594 libssl-dev_1.0.1f-1ubuntu2.2_armhf.deb
 af7108805e2e55b2ee433ac1a3ce630788c0ab0e794483b5ffdd88da784538f1 2533542 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_armhf.deb
 85732ac1f648f8c9056809676bcc876dd0a27175cf6d197a7554df655d267f07 20596 openssl_1.0.1f-1ubuntu2.2_armhf_translations.tar.gz
Files: 
 86ba11550b13a6fdc075bf128822758d 488084 utils optional openssl_1.0.1f-1ubuntu2.2_armhf.deb
 bc2a247c737448c36f41a30832705be5 655854 libs important libssl1.0.0_1.0.1f-1ubuntu2.2_armhf.deb
 01cec0dd61764491e1910948c49a71a5 471158 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_armhf.udeb
 892e98cf63ee211809296067956939b9 102222 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_armhf.udeb
 e359d1b3b527a17761ee3f0ddeb53ddb 909594 libdevel optional libssl-dev_1.0.1f-1ubuntu2.2_armhf.deb
 cb23b0ea48ac5deaf7b4ab968f31b0b5 2533542 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_armhf.deb
 9bf1eb32eb5a175f2b0f84cd3fd42a85 20596 raw-translations - openssl_1.0.1f-1ubuntu2.2_armhf_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb