Debian
openssl package

Change logs for openssl source package in Buster

  1. Buster (10)
  2. Change log 
  • openssl (1.1.1n-0+deb10u3) buster-security; urgency=medium

  * CVE-2022-2068 (The c_rehash script allows command injection).
  * Update expired certs.

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 24 Jun 2022 22:07:00 +0200
  • openssl (1.1.1n-0+deb10u1) buster; urgency=medium

  * New upstream version.
    - Add new symbols.

 -- Sebastian Andrzej Siewior <email address hidden>  Fri, 18 Mar 2022 19:41:12 +0100
  • openssl (1.1.1d-0+deb10u7) buster-security; urgency=medium

  * CVE-2021-3711 (SM2 Decryption Buffer Overflow).
  * CVE-2021-3712 (Read buffer overruns processing ASN.1 strings).

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 24 Aug 2021 10:30:43 +0200
  • openssl (1.1.1d-0+deb10u6) buster-security; urgency=medium

  * CVE-2021-3449 (NULL pointer deref in signature_algorithms processing).

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 23 Mar 2021 00:08:47 +0100
  • openssl (1.1.1d-0+deb10u5) buster-security; urgency=medium

  * CVE-2021-23841 (NULL pointer deref in X509_issuer_and_serial_hash()).
  * CVE-2021-23840 (Possible overflow of the output length argument in
    EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()).
  * CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure),
    (Closes: #947949).

 -- Sebastian Andrzej Siewior <email address hidden>  Tue, 16 Feb 2021 23:08:43 +0100
  • openssl (1.1.1d-0+deb10u4) buster-security; urgency=medium

  * CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference).

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 07 Dec 2020 21:44:45 +0100
  • openssl (1.1.1d-0+deb10u3) buster-security; urgency=medium

  * CVE-2020-1967 (Segmentation fault in SSL_check_chain).

 -- Sebastian Andrzej Siewior <email address hidden>  Mon, 20 Apr 2020 22:23:01 +0200
  • openssl (1.1.1d-0+deb10u2) buster-security; urgency=medium

  * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987).

 -- Sebastian Andrzej Siewior <email address hidden>  Sat, 12 Oct 2019 21:56:43 +0200
  • openssl (1.1.1c-1) unstable; urgency=medium

  * New upstream version
   - CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305)
  * Update symbol list

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 30 May 2019 17:27:48 +0200
  • openssl (1.1.1b-2) unstable; urgency=medium

  * Fix BUF_MEM regression (Closes: #923516)
  * Fix error when config can't be opened (Closes: #926315)
  * Ship an openssl.cnf in libssl1.1-udeb.dirs

 -- Kurt Roeckx <email address hidden>  Tue, 16 Apr 2019 21:31:11 +0200
  • openssl (1.1.1b-1) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add Breaks on lighttpd (Closes: #913558).

  [ Kurt Roeckx ]
  * New upstream version
  * Update symbol list

 -- Kurt Roeckx <email address hidden>  Tue, 26 Feb 2019 19:52:12 +0100
  • openssl (1.1.1a-1) unstable; urgency=medium

  * Add Breaks on python-boto (See: #909545)
  * New upstream version
   - CVE-2018-0734 (Timing vulnerability in DSA signature generation)
   - CVE-2018-0735 (Timing vulnerability in ECDSA signature generation)
   - Update symbol file for 1.1.1a

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 22 Nov 2018 19:40:54 +0100
  • openssl (1.1.1-2) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add Breaks on isync (See: #906955)
  * Fix autopkgtest (Closes: #910459)

  [ Kurt Roeckx ]
  * Add Breaks on python-imaplib2 (See: #907079)
  * Add news entry regarding default TLS version and security level
    (Closes: #875423, #907631, #911389, #912067).

 -- Sebastian Andrzej Siewior <email address hidden>  Sun, 28 Oct 2018 23:52:24 +0100
  • openssl (1.1.1-1) unstable; urgency=medium

  * New upstream version.
   - Update symbol file for 1.1.1
   - CVE-2018-0732 (actually since pre8).
  * Add Breaks on python-httplib2 (Addresses: #907015)
  * Add hardening=+all.
  * Update to policy 4.2.1
    - Less verbose testsuite with terse
    - Use RRR=no

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 12 Sep 2018 20:39:24 +0200
  • openssl (1.1.0h-4) unstable; urgency=medium

  * Build the binary in indep mode again, so we can install the documentation
    again.
  * Drop @echo in flavour so it builds again on Alpha
  * Add a 25-test_verify.t for autopkgtest which runs against intalled
    openssl binary.

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 23 May 2018 14:42:14 +0200
  • openssl (1.1.0h-3) unstable; urgency=medium

  * Drop afalgeng on kfreebsd-* which go enabled because they inherit from
    the linux target.
  * Fix regression with session cache use by clients (See: #895035).
  * openssl rehash: exit 0 on warnings, same as c_rehash (See: #895473 and
    #895482).
  * Fix debian-rules-sets-dpkg-architecture-variable.
  * Let VCS-* point to salsa.d.o.
  * Don't build the binary package in binary-indep mode.
  * Update to policy 4.1.4
    - only Suggest: libssl-doc instead Recommends (only documentation and
      example code is shipped).
    - drop Priority: important.
    - use signing-key.asc and a https links for downloads
  * Use compat 11.
    - this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
      seems to make sense.
  * Fix CVE-2018-0737 (Closes: #895844).

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 17 May 2018 23:35:43 +0200
  • openssl (1.1.0h-2) unstable; urgency=high

  * Revert "only quote stuff that actually needs quoting" so c_rehash has the
    quotes again (Closes: #894282).

 -- Sebastian Andrzej Siewior <email address hidden>  Wed, 28 Mar 2018 14:08:48 +0200
  • openssl (1.1.0g-2) unstable; urgency=high

  * Avoid problems with aes assembler on armhf using binutils 2.29

 -- Kurt Roeckx <email address hidden>  Sat, 04 Nov 2017 12:48:13 +0100
  • openssl (1.1.0f-5) unstable; urgency=medium

  * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
    version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
    calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().

 -- Kurt Roeckx <email address hidden>  Tue, 08 Aug 2017 16:13:54 +0200
  • openssl (1.1.0f-4) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add support for arm64ilp32, patch by Wookey (Closes: #867240)

  [ Kurt Roeckx ]
  * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
    version. This will likely break things, but the hope is that by
    the release of Buster everything will speak at least TLS 1.2. This will be
    reconsidered before the Buster release.
  * Fix a race condition in the test suite (Closes: #869856)

 -- Kurt Roeckx <email address hidden>  Mon, 07 Aug 2017 01:08:45 +0200
  • openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high

  * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
  * CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC)
  * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could
    exceed the stack)
  * Add patches to pass the testsuite:
    - Fix-a-Proxy-race-condition.patch
    - Fix-race-condition-in-TLSProxy.patch

 -- Sebastian Andrzej Siewior <email address hidden>  Thu, 29 Mar 2018 12:51:02 +0200
  • openssl (1.1.0f-3+deb9u1) stretch-security; urgency=medium

  * Fix CVE-2017-3735
  * Fix CVE-2017-3736

 -- Kurt Roeckx <email address hidden>  Thu, 02 Nov 2017 12:29:36 +0100
  • openssl (1.1.0f-3) unstable; urgency=medium

  * Don't cleanup a thread-local key we didn't create it (Closes: #863707)

 -- Kurt Roeckx <email address hidden>  Mon, 05 Jun 2017 11:40:42 +0200