package display shows multiple changelog entries

Hello, sometimes package pages will show multiple changelog entries when only one changelog entry is expected.

For example https://launchpad.net/ubuntu/+source/openssl/3.0.9-1ubuntu1 currently has:

openssl (3.0.9-1ubuntu1) mantic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Remaining changes:
      + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
        openssl
      + d/libssl3.postinst: Revert Debian deletion
        - Skip services restart & reboot notification if needrestart is in-use.
        - Bump version check to 1.1.1 (bug opened as LP: #1999139)
        - Use a different priority for libssl1.1/restart-services depending
          on whether a desktop, or server dist-upgrade is being performed.
        - Import libraries/restart-without-asking template as used by above.
      + Add support for building with noudeb build profile.
      + Use perl:native in the autopkgtest for installability on i386.

openssl (3.0.9-1) unstable; urgency=medium

  * Import 3.0.7
   - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
     Constraints) (Closes: #1034720).
   - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
     silently ignored).
   - CVE-2023-0466 (Certificate policy check not enabled).
   - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
   - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
   - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
   - Add new symbol.

openssl (3.0.8-1ubuntu3) mantic; urgency=medium

  * SECURITY UPDATE: DoS in AES-XTS cipher decryption
    - debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
      crypto/aes/asm/aesv8-armx.pl.
    - CVE-2023-1255
  * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
    - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
      IDENTIFIERs that OBJ_obj2txt will translate in
      crypto/objects/obj_dat.c.
    - CVE-2023-2650
  * Replace CVE-2022-4304 fix with improved version
    - debian/patches/revert-CVE-2022-4304.patch: remove previous fix.
    - debian/patches/CVE-2022-4304.patch: use alternative fix in
      crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
      crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.

openssl (3.0.8-1ubuntu2) mantic; urgency=medium

  * Manual reupload from lunar-security to mantic-proposed pocket, due to
    LP failing to copy it

openssl (3.0.8-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs.
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

 -- Gianfranco Costamagna <email address hidden> Mon, 12 Jun 2023 11:19:44 +0200