Format: 1.8 Date: Fri, 13 Oct 2023 08:02:49 -0400 Source: openssl Binary: libssl-dev libssl3 openssl Built-For-Profiles: noudeb Architecture: armhf armhf_translations Version: 3.0.2-0ubuntu1.12 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.2-0ubuntu1.12) jammy-security; urgency=medium . [ Marc Deslauriers ] * SECURITY UPDATE: AES-SIV implementation ignores empty associated data entries - debian/patches/CVE-2023-2975.patch: do not ignore empty associated data with AES-SIV mode in providers/implementations/ciphers/cipher_aes_siv.c. - CVE-2023-2975 * SECURITY UPDATE: Incorrect cipher key and IV length processing - debian/patches/CVE-2023-5363-1.patch: process key length and iv length early if present in crypto/evp/evp_enc.c. - debian/patches/CVE-2023-5363-2.patch: add unit test in test/evp_extra_test.c. - CVE-2023-5363 . [ Ian Constantin ] * SECURITY UPDATE: denial of service - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of an excessively large modulus in DH_check(). - CVE-2023-3446 * SECURITY UPDATE: denial of service - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of invalid q values in DH_check(). - CVE-2023-3817 Checksums-Sha1: 76fb6f53c3e902d9221580820467e2f06cf42506 2082502 libssl-dev_3.0.2-0ubuntu1.12_armhf.deb 418d5dcd5f8915fa8546ad71c17f00d82fcd1bad 4478066 libssl3-dbgsym_3.0.2-0ubuntu1.12_armhf.ddeb ec401bd516e8b7015b1d9c1b77837e75f7db5e80 1579314 libssl3_3.0.2-0ubuntu1.12_armhf.deb 0654104313aafe2c8b30c53183705de5b716d006 668912 openssl-dbgsym_3.0.2-0ubuntu1.12_armhf.ddeb 59fd3d6ca9cc621253d6d9609bccb6a5bf96a4de 7237 openssl_3.0.2-0ubuntu1.12_armhf.buildinfo 1f6e477950b172db365c12702a35cfdaa86ebf7e 1152306 openssl_3.0.2-0ubuntu1.12_armhf.deb b0cf238f8523105c2ff8ff522a3bd93b45b25b4f 26971 openssl_3.0.2-0ubuntu1.12_armhf_translations.tar.gz Checksums-Sha256: a60aadaead00f09808632d4994114a370215b04aed0bccdd3fa4ca2baf15cec9 2082502 libssl-dev_3.0.2-0ubuntu1.12_armhf.deb 8b73f75ce44c08eb2b088ca256538e4787656a8e56febcb371892f99a92b9fa6 4478066 libssl3-dbgsym_3.0.2-0ubuntu1.12_armhf.ddeb c0bf8baa9ed641d84d0bb120a96cfa6e9df0091c2e809892193f83a92470002f 1579314 libssl3_3.0.2-0ubuntu1.12_armhf.deb 5b8b0c86cbc5541240d12aaec038b0b2442ba72bb1eb00a3106f3c92be1e676f 668912 openssl-dbgsym_3.0.2-0ubuntu1.12_armhf.ddeb f9b3c937a494fd76a4fb2114222f96f91a6321384d0113f221dc2ec50e313443 7237 openssl_3.0.2-0ubuntu1.12_armhf.buildinfo debb24685d9a5b7ce48a0f9bc8d1fa84c7ba4378ecbbf0f99305c2ad8640d3f6 1152306 openssl_3.0.2-0ubuntu1.12_armhf.deb eb5fd54304e5f77c88cb17550d9e4c56714afe17ba7b2d2f79aec6b5f68ecd14 26971 openssl_3.0.2-0ubuntu1.12_armhf_translations.tar.gz Files: 1a02bba36890f558a790d8712499fce4 2082502 libdevel optional libssl-dev_3.0.2-0ubuntu1.12_armhf.deb a1e1ec8d74931c06a75ad6f3e5ff1766 4478066 debug optional libssl3-dbgsym_3.0.2-0ubuntu1.12_armhf.ddeb 7d8e3b56b24ccd2056ec6ecd2b04b761 1579314 libs optional libssl3_3.0.2-0ubuntu1.12_armhf.deb 8c82be5daf6b633f4a930c0756f282b2 668912 debug optional openssl-dbgsym_3.0.2-0ubuntu1.12_armhf.ddeb 6918586c2743cceac5244597695b2a4b 7237 utils optional openssl_3.0.2-0ubuntu1.12_armhf.buildinfo 2ce9105d0a290a7e734c6c3af09befb4 1152306 utils optional openssl_3.0.2-0ubuntu1.12_armhf.deb c9ecf1774b6a98d595354770c36c2b3a 26971 raw-translations - openssl_3.0.2-0ubuntu1.12_armhf_translations.tar.gz Original-Maintainer: Debian OpenSSL Team