Format: 1.8 Date: Thu, 19 Mar 2015 10:03:00 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: armel armel_translations Version: 1.0.1-4ubuntu5.25 Distribution: precise Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl-doc - SSL development documentation documentation libssl1.0.0 - SSL shared libraries libssl1.0.0-dbg - Symbol tables for libssl and libcrypto libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Changes: openssl (1.0.1-4ubuntu5.25) precise-security; urgency=medium . * SECURITY UPDATE: denial of service and possible memory corruption via malformed EC private key - debian/patches/CVE-2015-0209.patch: fix use after free in crypto/ec/ec_asn1.c. - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c. - CVE-2015-0209 * SECURITY UPDATE: denial of service via cert verification - debian/patches/CVE-2015-0286.patch: handle boolean types in crypto/asn1/a_type.c. - CVE-2015-0286 * SECURITY UPDATE: ASN.1 structure reuse memory corruption - debian/patches/CVE-2015-0287.patch: free up structures in crypto/asn1/tasn_dec.c. - CVE-2015-0287 * SECURITY UPDATE: denial of service via invalid certificate key - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in crypto/x509/x509_req.c. - CVE-2015-0288 * SECURITY UPDATE: denial of service and possible code execution via PKCS#7 parsing - debian/patches/CVE-2015-0289.patch: handle missing content in crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c. - CVE-2015-0289 * SECURITY UPDATE: denial of service or memory corruption via base64 decoding - debian/patches/CVE-2015-0292.patch: prevent underflow in crypto/evp/encode.c. - CVE-2015-0292 * SECURITY UPDATE: denial of service via assert in SSLv2 servers - debian/patches/CVE-2015-0293.patch: check key lengths in ssl/s2_lib.c, ssl/s2_srvr.c. - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in ssl/s2_srvr.c. - CVE-2015-0293 Checksums-Sha1: 0bb61a5b5b146d4a3ab04f870b2b8f5602ffb8fe 519196 openssl_1.0.1-4ubuntu5.25_armel.deb 9d7e7bf975fb83dad4c1a7c59f49cdb9a98dd09a 803772 libssl1.0.0_1.0.1-4ubuntu5.25_armel.deb 254154f272cf116b8d0bfcc7a308eed0c292e6cc 575126 libcrypto1.0.0-udeb_1.0.1-4ubuntu5.25_armel.udeb d6e2c27a9965b26a73b55e5393702102982b7f3a 123448 libssl1.0.0-udeb_1.0.1-4ubuntu5.25_armel.udeb f0c0e5a2116674e7c675e6dd0ecd31be30759893 1264356 libssl-dev_1.0.1-4ubuntu5.25_armel.deb c7222c2c37177896a8fa9ff03a1a65f7eeac376b 2061906 libssl1.0.0-dbg_1.0.1-4ubuntu5.25_armel.deb 7ef31b641392cf356f22c3cd461fe0ea4ed9eabf 18735 openssl_1.0.1-4ubuntu5.25_armel_translations.tar.gz Checksums-Sha256: ccab0d1327f2acf28a40371e6e284e5658cf3ce920efd6a376b7fda0608a6e01 519196 openssl_1.0.1-4ubuntu5.25_armel.deb 53a523e2fffae71c6c69f104459ce287804def99e0eba466fe3c3d3f0990b0b6 803772 libssl1.0.0_1.0.1-4ubuntu5.25_armel.deb fe17759788b77816e7868c138d004e735412349c4b7e16decf3da5d79ac8f856 575126 libcrypto1.0.0-udeb_1.0.1-4ubuntu5.25_armel.udeb 9847cb95c6b8d009761deaf7e4fc30fd63d251e6d36b3cc6927b0390bc1bf020 123448 libssl1.0.0-udeb_1.0.1-4ubuntu5.25_armel.udeb da895b977fd3dade6daf41a9d5c59fd46580386294d26f91b9562fab6814834e 1264356 libssl-dev_1.0.1-4ubuntu5.25_armel.deb 816247f811765b93d09e07bdb27ceae1115db044ecf49ccd5339e22914732486 2061906 libssl1.0.0-dbg_1.0.1-4ubuntu5.25_armel.deb 759f2245a42c3b7fc02e392a3b21ec7641accc794568f86fe1a02b4f7c23f551 18735 openssl_1.0.1-4ubuntu5.25_armel_translations.tar.gz Files: 5fa22df448b9a663a44a1e1ba0231f62 519196 utils optional openssl_1.0.1-4ubuntu5.25_armel.deb 8f606a95cc58842541e6992fb8242c9c 803772 libs important libssl1.0.0_1.0.1-4ubuntu5.25_armel.deb c8fc3774fbd10076356d764998dcf9ae 575126 debian-installer optional libcrypto1.0.0-udeb_1.0.1-4ubuntu5.25_armel.udeb 9ac715ffbad665396a2f0754ae01cd65 123448 debian-installer optional libssl1.0.0-udeb_1.0.1-4ubuntu5.25_armel.udeb 49a866205b3989c49ee6acd340d41870 1264356 libdevel optional libssl-dev_1.0.1-4ubuntu5.25_armel.deb d83401ba452fd5022513cdf6b9cdbe7f 2061906 debug extra libssl1.0.0-dbg_1.0.1-4ubuntu5.25_armel.deb 1b8a1a8f299f071257690f5a8fde888a 18735 raw-translations - openssl_1.0.1-4ubuntu5.25_armel_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb