Format: 1.8 Date: Thu, 11 Jun 2015 07:10:41 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: powerpc powerpc_translations Version: 1.0.1f-1ubuntu11.4 Distribution: vivid Urgency: medium Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu11.4) vivid-security; urgency=medium . * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits - debian/patches/reject_small_dh.patch: reject small dh keys in ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod. * SECURITY UPDATE: denial of service and possible code execution via invalid free in DTLS - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c. - CVE-2014-8176 * SECURITY UPDATE: denial of service via malformed ECParameters - debian/patches/CVE-2015-1788.patch: improve logic in crypto/bn/bn_gf2m.c. - CVE-2015-1788 * SECURITY UPDATE: denial of service via out-of-bounds read in X509_cmp_time - debian/patches/CVE-2015-1789.patch: properly parse time format in crypto/x509/x509_vfy.c. - CVE-2015-1789 * SECURITY UPDATE: denial of service via missing EnvelopedContent - debian/patches/CVE-2015-1790.patch: handle NULL data_body in crypto/pkcs7/pk7_doit.c. - CVE-2015-1790 * SECURITY UPDATE: race condition in NewSessionTicket - debian/patches/CVE-2015-1791.patch: create a new session in ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h, ssl/ssl_sess.c. - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in ssl/ssl_sess.c. - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in ssl/ssl_sess.c. - CVE-2015-1791 * SECURITY UPDATE: CMS verify infinite loop with unknown hash function - debian/patches/CVE-2015-1792.patch: fix infinite loop in crypto/cms/cms_smime.c. - CVE-2015-1792 Checksums-Sha1: 295c4ae7a39904bb451021dae175206cd600d868 467150 openssl_1.0.1f-1ubuntu11.4_powerpc.deb bb53f20d4ba3d7a3f48ec2d2f7acc97964fa0aed 697936 libssl1.0.0_1.0.1f-1ubuntu11.4_powerpc.deb 7bbe83d568275eccd3d31f9a9cfef3c443474f12 507304 libcrypto1.0.0-udeb_1.0.1f-1ubuntu11.4_powerpc.udeb 6494a630d26ce9720acefea44616a6df4911b3c0 106518 libssl1.0.0-udeb_1.0.1f-1ubuntu11.4_powerpc.udeb cd1bcb834cbe1cb698e089d291695b247c334967 948074 libssl-dev_1.0.1f-1ubuntu11.4_powerpc.deb b3488bbf5c4e258875087753573ed2d107adfa15 2713950 libssl1.0.0-dbg_1.0.1f-1ubuntu11.4_powerpc.deb 38b6b3098752a0285d747712110f686ddccacb37 1118 openssl-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 11a1822946bf93a7574964a074712dd76214856b 954 libssl1.0.0-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb debb5b5dbcfacca39abcb30f75773599028f221d 990 libcrypto1.0.0-udeb-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 95404eee1380468c2ab846ad6941f3c129837e63 876 libssl1.0.0-udeb-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb ded4a1b22b5b5c656df37be9cf0a82250e34d3e1 978 libssl-dev-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 02ee499b165b3bac033131892368de3d8b255954 20685 openssl_1.0.1f-1ubuntu11.4_powerpc_translations.tar.gz Checksums-Sha256: 308903aaafde22902eb5ec345dc50e15a7302787a09dc2884d4115554c18c8b7 467150 openssl_1.0.1f-1ubuntu11.4_powerpc.deb 4f7d90d8fb15f0f405a50b7470f22519bb12341ed4597504ea0b00890f1453a2 697936 libssl1.0.0_1.0.1f-1ubuntu11.4_powerpc.deb cc085095383a7dc95bb99f967f97e0f3017e15d69a32a0f4d8623e33c1095dcd 507304 libcrypto1.0.0-udeb_1.0.1f-1ubuntu11.4_powerpc.udeb 1bf252ebae51181437caccab083ba8f589ae99503f8bd192e97e6fcf4a97e3de 106518 libssl1.0.0-udeb_1.0.1f-1ubuntu11.4_powerpc.udeb 41b12df32554adb15979678c2969b79d808dd7e70aad9fc66de1360f429f5350 948074 libssl-dev_1.0.1f-1ubuntu11.4_powerpc.deb 433a30b4c93876a00ebc5d79e2413cc7a10bff706d01ee4b0782aac235a900e3 2713950 libssl1.0.0-dbg_1.0.1f-1ubuntu11.4_powerpc.deb c07efe25e5eb269cac1718c1e0797789f06ea771ca1b612f66b9fee39269f464 1118 openssl-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 09900598ee30ac7681a5d4a05711d51a84dce246f86e5ded1ed2c73d68b0c5c9 954 libssl1.0.0-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 6d593d517478a80bd8a8c3681c24cbc5e218544229a02b334715e2dc0187692e 990 libcrypto1.0.0-udeb-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb ae1c31cbe90f084e2284ce9fe43eaa13237e7bc68875ce269c39cb54927bc56b 876 libssl1.0.0-udeb-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 7afdcfb94b9acd8344ddf5469519f420e22a284b843fbb395ac92252b6ee06c4 978 libssl-dev-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 9a95de73da70b1fe8cd0cc4caa5a63b7b5ee9947fa650377d925b71a501f7f7d 20685 openssl_1.0.1f-1ubuntu11.4_powerpc_translations.tar.gz Files: bb7dbdecdd3839bebe9c19ee12c1ef0e 467150 utils optional openssl_1.0.1f-1ubuntu11.4_powerpc.deb 4efa76837cb553d317bce406987e4d32 697936 libs important libssl1.0.0_1.0.1f-1ubuntu11.4_powerpc.deb bf2b31dedaf45c5e0812b8bc337fba6d 507304 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu11.4_powerpc.udeb 598e56da03f893dee3144cce0050f6a4 106518 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu11.4_powerpc.udeb 40e0f0ccfe95bdb55ab8a903ebe6ca7b 948074 libdevel optional libssl-dev_1.0.1f-1ubuntu11.4_powerpc.deb aa8b8715098891c11ecfb73256ada9a0 2713950 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu11.4_powerpc.deb c7529872d42e6f2b1fcc7ece8850187d 1118 utils extra openssl-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 80e5b1634e865e05044eb0149bf0922e 954 libs extra libssl1.0.0-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 268aa1a869d5347abd6347612d96bf7a 990 debian-installer extra libcrypto1.0.0-udeb-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb bda4f4b0cc0d1d0bb56fc1db5501131e 876 debian-installer extra libssl1.0.0-udeb-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb 5a47017cbbda0f5bac2af14078de05ac 978 libdevel extra libssl-dev-dbgsym_1.0.1f-1ubuntu11.4_powerpc.ddeb a6ec7d1eb3da3cddb06eec7446edad00 20685 raw-translations - openssl_1.0.1f-1ubuntu11.4_powerpc_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb