Format: 1.8 Date: Tue, 03 May 2022 12:01:34 -0400 Source: openssl Binary: libssl-dev libssl3 openssl Built-For-Profiles: noudeb Architecture: arm64 arm64_translations Version: 3.0.2-0ubuntu1.1 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.2-0ubuntu1.1) jammy-security; urgency=medium . * SECURITY UPDATE: c_rehash script allows command injection - debian/patches/CVE-2022-1292.patch: do not use shell to invoke openssl in tools/c_rehash.in. - CVE-2022-1292 * SECURITY UPDATE: OCSP_basic_verify may incorrectly verify the response signing certificate - debian/patches/CVE-2022-1343-1.patch: fix OCSP_basic_verify signer certificate validation in crypto/ocsp/ocsp_vfy.c. - debian/patches/CVE-2022-1343-2.patch: test ocsp with invalid responses in test/recipes/80-test_ocsp.t. - CVE-2022-1343 * SECURITY UPDATE: incorrect MAC key used in the RC4-MD5 ciphersuite - debian/patches/CVE-2022-1434.patch: fix the RC4-MD5 cipher in providers/implementations/ciphers/cipher_rc4_hmac_md5.c, test/recipes/30-test_evp_data/evpciph_aes_stitched.txt, test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt. - CVE-2022-1434 * SECURITY UPDATE: resource leakage when decoding certificates and keys - debian/patches/CVE-2022-1473.patch: fix bug in OPENSSL_LH_flush in crypto/lhash/lhash.c. - CVE-2022-1473 Checksums-Sha1: b926110bffba689744c97d397e7a8ef1c553e8bc 2293292 libssl-dev_3.0.2-0ubuntu1.1_arm64.deb 57ca911a62926968b24877fe62c071f2181db809 4838298 libssl3-dbgsym_3.0.2-0ubuntu1.1_arm64.ddeb cd72c19e853e554d3bb611244d9afeeb52d1ecc1 1763384 libssl3_3.0.2-0ubuntu1.1_arm64.deb 2ee9b6becf1e1ced638c05aae12f4be07d04b4b4 759578 openssl-dbgsym_3.0.2-0ubuntu1.1_arm64.ddeb 9b64811a54975fd6bc651b47aed5567c98476855 7126 openssl_3.0.2-0ubuntu1.1_arm64.buildinfo ea87d75dfb6cf78acd660f0efbd048dd82e24593 1159878 openssl_3.0.2-0ubuntu1.1_arm64.deb 7279bd3c8ab6fdc86c0f506aadf099f1a0d28b33 27660 openssl_3.0.2-0ubuntu1.1_arm64_translations.tar.gz Checksums-Sha256: 25df16c5887fb0f7c6fec04c3d813af08033277bb48bd111849f5e6e413b0aae 2293292 libssl-dev_3.0.2-0ubuntu1.1_arm64.deb cca469a57cb88cc4f12b7b5d61c1661a16e439fc3a5a9813ab5329aa26922438 4838298 libssl3-dbgsym_3.0.2-0ubuntu1.1_arm64.ddeb 2d3ae9cb34c8d250f19a67882ecd78ff0051205fd0a714b468060b75875d82e7 1763384 libssl3_3.0.2-0ubuntu1.1_arm64.deb 57abc0dba17685c945c269ebb2b651d0ad0d7ca66229ca3343630e6f7e3325db 759578 openssl-dbgsym_3.0.2-0ubuntu1.1_arm64.ddeb 298156bcf95ea22c63fb4ac0d49d2c3d1efeb810bae8896bd209f1dd66f13470 7126 openssl_3.0.2-0ubuntu1.1_arm64.buildinfo 56a7e16ca42bd5b9b10542321ef209909e6a4d3d0c923bc7b1e6591d7f02bd01 1159878 openssl_3.0.2-0ubuntu1.1_arm64.deb e07b81d63f3a829d71d21a39244a9554beb02743230aaad8d1fb6b70797a7de3 27660 openssl_3.0.2-0ubuntu1.1_arm64_translations.tar.gz Files: 84781c1b256e1fea474bd84495d366b6 2293292 libdevel optional libssl-dev_3.0.2-0ubuntu1.1_arm64.deb bb312b087b8608f820cd1afdb3bd97b8 4838298 debug optional libssl3-dbgsym_3.0.2-0ubuntu1.1_arm64.ddeb 0572c6aa68fdfed2c3ae4bd8185d2fcb 1763384 libs optional libssl3_3.0.2-0ubuntu1.1_arm64.deb 0fd1418a9540560b217243ae5d430e61 759578 debug optional openssl-dbgsym_3.0.2-0ubuntu1.1_arm64.ddeb 7a4f9b259ccd62148468d7e4816eaf80 7126 utils optional openssl_3.0.2-0ubuntu1.1_arm64.buildinfo 95906f89c80fb2212d40abb902452dd8 1159878 utils optional openssl_3.0.2-0ubuntu1.1_arm64.deb 6127034a3ffbbe6c214746fac1951520 27660 raw-translations - openssl_3.0.2-0ubuntu1.1_arm64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team