Format: 1.8
Date: Mon, 02 Jun 2014 13:57:34 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: all i386_translations i386
Version: 1.0.1f-1ubuntu2.2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon <buildd@toyol.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes: 
 openssl (1.0.1f-1ubuntu2.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
     - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
       fragments in ssl/d1_both.c.
     - CVE-2014-0195
   * SECURITY UPDATE: denial of service via DTLS recursion flaw
     - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
       recursion in ssl/d1_both.c.
     - CVE-2014-0221
   * SECURITY UPDATE: MITM via change cipher spec
     - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
       when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
       ssl/ssl3.h.
     - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
       secrets in ssl/s3_pkt.c.
     - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
       ssl/s3_clnt.c.
     - CVE-2014-0224
   * SECURITY UPDATE: denial of service via ECDH null session cert
     - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
       before dereferencing it in ssl/s3_clnt.c.
     - CVE-2014-3470
Checksums-Sha1: 
 c30319465b8c81ea0e7b5b681c379a422d44b232 965152 libssl-doc_1.0.1f-1ubuntu2.2_all.deb
 e821680b87abd6552c8c2ae1b484306a790ef715 20372 openssl_1.0.1f-1ubuntu2.2_i386_translations.tar.gz
 bd0f008ae45be1eb6567935f340d9be927efbd57 479248 openssl_1.0.1f-1ubuntu2.2_i386.deb
 93daaca5a7c631b0cb575a9c0f7a22bca22da9cc 778664 libssl1.0.0_1.0.1f-1ubuntu2.2_i386.deb
 c876d73869e1d7cd550b7b15a99940eee9d3be5c 568708 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_i386.udeb
 c0372aa974943bc58c92dcf65a8444d37a9995ec 121342 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_i386.udeb
 ab81b95de3de62b8501491648a1625a6be781743 989428 libssl-dev_1.0.1f-1ubuntu2.2_i386.deb
 92d3ecf4e4bda53defb67f17bab2b157bc9be5aa 2344342 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_i386.deb
Checksums-Sha256: 
 cb6bd8360e093f7c65158c783a5da4293527cee95eb95ad66fbd9e6ba88275ac 965152 libssl-doc_1.0.1f-1ubuntu2.2_all.deb
 8d549e7afd20e28ab00b5e877a7a8d73bee4f8177f79fc302692c96af7208944 20372 openssl_1.0.1f-1ubuntu2.2_i386_translations.tar.gz
 5efdc2a37b635617108b5be099fe1131e0697ea8fa5fb4467ec04009f3815c39 479248 openssl_1.0.1f-1ubuntu2.2_i386.deb
 0e3cda80be129c15da12f6c0be58cce40b837d6c8e174d965b502c2865e3c1df 778664 libssl1.0.0_1.0.1f-1ubuntu2.2_i386.deb
 34a03d2ac3665cb4e0f701e608c0c1b64beb256f3409bb7652e3853b659f4a46 568708 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_i386.udeb
 da0ece44533a21331d503ee0e033af3d7b2d72aa6d35b50732e8c1395186b936 121342 libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_i386.udeb
 733fb0655a36e818430143e1051eafbd3a8afe370dfe85201ca8735a516b3cce 989428 libssl-dev_1.0.1f-1ubuntu2.2_i386.deb
 99af1316a5a83d71d15a74373bea9aa557ebd54c5cd83220d012ae75736c877a 2344342 libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_i386.deb
Files: 
 e81fd436df8195625715ba9e009fbdc4 965152 doc optional libssl-doc_1.0.1f-1ubuntu2.2_all.deb
 0c8ef92eec9893a838a2187f5fde1494 20372 raw-translations - openssl_1.0.1f-1ubuntu2.2_i386_translations.tar.gz
 7bdfbc567d234c778d3fae5fceccbaf7 479248 utils optional openssl_1.0.1f-1ubuntu2.2_i386.deb
 6b82e2a3091a751f141469a23173b1af 778664 libs important libssl1.0.0_1.0.1f-1ubuntu2.2_i386.deb
 f2285ff2aa0e24f1b619996ca0e1f385 568708 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.2_i386.udeb
 1e2e111e109abbcf9e3afc7c53f8ac90 121342 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.2_i386.udeb
 e206bdb61dc77d1b74174750ec8401ca 989428 libdevel optional libssl-dev_1.0.1f-1ubuntu2.2_i386.deb
 8ce5eba9647591fa58aafc722401e46a 2344342 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.2_i386.deb
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb