openssl 3.0.2-0ubuntu2 source package in Ubuntu
Changelog
openssl (3.0.2-0ubuntu2) kinetic; urgency=medium * SECURITY UPDATE: c_rehash script allows command injection - debian/patches/CVE-2022-1292.patch: do not use shell to invoke openssl in tools/c_rehash.in. - CVE-2022-1292 * SECURITY UPDATE: OCSP_basic_verify may incorrectly verify the response signing certificate - debian/patches/CVE-2022-1343-1.patch: fix OCSP_basic_verify signer certificate validation in crypto/ocsp/ocsp_vfy.c. - debian/patches/CVE-2022-1343-2.patch: test ocsp with invalid responses in test/recipes/80-test_ocsp.t. - CVE-2022-1343 * SECURITY UPDATE: incorrect MAC key used in the RC4-MD5 ciphersuite - debian/patches/CVE-2022-1434.patch: fix the RC4-MD5 cipher in providers/implementations/ciphers/cipher_rc4_hmac_md5.c, test/recipes/30-test_evp_data/evpciph_aes_stitched.txt, test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt. - CVE-2022-1434 * SECURITY UPDATE: resource leakage when decoding certificates and keys - debian/patches/CVE-2022-1473.patch: fix bug in OPENSSL_LH_flush in crypto/lhash/lhash.c. - CVE-2022-1473 -- Marc Deslauriers <email address hidden> Tue, 03 May 2022 12:01:34 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Kinetic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openssl_3.0.2.orig.tar.gz | 14.3 MiB | 98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63 |
openssl_3.0.2.orig.tar.gz.asc | 488 bytes | 764d220aaa6d5e9c13b4239b61f3b8de57aa53fa8362f56ceeada0a10264a8f1 |
openssl_3.0.2-0ubuntu2.debian.tar.xz | 100.3 KiB | ab625a91b72fb99c1b1151090b7238f136fc2e6141753e094806fa71e3112ef2 |
openssl_3.0.2-0ubuntu2.dsc | 2.7 KiB | b51a06e4300578c959c46de2acced5508dc86e94776b34c2b3342d1ba1cedaf4 |
Available diffs
Binary packages built by this source
- libssl-dev: No summary available for libssl-dev in ubuntu kinetic.
No description available for libssl-dev in ubuntu kinetic.
- libssl-doc: No summary available for libssl-doc in ubuntu kinetic.
No description available for libssl-doc in ubuntu kinetic.
- libssl3: No summary available for libssl3 in ubuntu kinetic.
No description available for libssl3 in ubuntu kinetic.
- libssl3-dbgsym: No summary available for libssl3-dbgsym in ubuntu kinetic.
No description available for libssl3-dbgsym in ubuntu kinetic.
- openssl: No summary available for openssl in ubuntu kinetic.
No description available for openssl in ubuntu kinetic.
- openssl-dbgsym: No summary available for openssl-dbgsym in ubuntu kinetic.
No description available for openssl-dbgsym in ubuntu kinetic.