-
openssl (1.1.0l-1~deb9u1) stretch-security; urgency=medium
* Import 1.1.0l
- CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
construction).
- CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey).
-- Sebastian Andrzej Siewior <email address hidden> Fri, 27 Sep 2019 21:46:29 +0200
-
openssl (1.1.0k-1~deb9u1) stretch-security; urgency=medium
* Import 1.1.0k
- CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305)
-- Sebastian Andrzej Siewior <email address hidden> Wed, 26 Jun 2019 18:59:20 +0200
-
openssl (1.1.0j-1~deb9u1) stretch-security; urgency=medium
* Import 1.1.0j
- CVE-2018-0734 (Timing vulnerability in DSA signature generation)
- CVE-2018-0735 (Timing vulnerability in ECDSA signature generation)
- add new symbols
-- Sebastian Andrzej Siewior <email address hidden> Wed, 28 Nov 2018 23:43:08 +0100
-
openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high
* CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
* CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC)
* CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could
exceed the stack)
* Add patches to pass the testsuite:
- Fix-a-Proxy-race-condition.patch
- Fix-race-condition-in-TLSProxy.patch
-- Sebastian Andrzej Siewior <email address hidden> Thu, 29 Mar 2018 12:51:02 +0200
-
openssl (1.1.0f-3+deb9u1) stretch-security; urgency=medium
* Fix CVE-2017-3735
* Fix CVE-2017-3736
-- Kurt Roeckx <email address hidden> Thu, 02 Nov 2017 12:29:36 +0100
-
openssl (1.1.0f-3) unstable; urgency=medium
* Don't clean up a thread-local key we didn't create (Closes: #863707)
-- Kurt Roeckx <email address hidden> Mon, 05 Jun 2017 11:40:42 +0200
-
openssl (1.1.0e-2) unstable; urgency=medium
* Make openssl depend on perl-base (Closes: #860254)
-- Sebastian Andrzej Siewior <email address hidden> Mon, 01 May 2017 21:50:37 +0200
-
openssl (1.1.0e-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2017-3733
- Remove patches that are applied upstream.
-- Kurt Roeckx <email address hidden> Thu, 16 Feb 2017 18:57:58 +0100
-
openssl (1.1.0d-2) unstable; urgency=medium
* Fix building of arch and all packages in a minimal environment
(Closes: #852900).
* Fix precomputing SHA1 by adding the following patches from upstream:
- Add-a-couple-of-test-to-check-CRL-fingerprint.patch
- Document-what-EXFLAG_SET-is-for-in-x509v3.h.patch
- X509_CRL_digest-ensure-precomputed-sha1-hash-before-.patch
(Closes: #852920).
-- Sebastian Andrzej Siewior <email address hidden> Mon, 30 Jan 2017 23:20:07 +0100
-
openssl (1.1.0c-2) unstable; urgency=medium
* Revert behaviour of SSL_read() and SSL_write(), and update documentation.
(Closes: #844234)
* Add missing -zdelete on x32 (Closes: #844715)
* Add a Breaks on salt-common. Addresses #844706
-- Kurt Roeckx <email address hidden> Mon, 21 Nov 2016 22:20:00 +0100
-
openssl (1.0.2j-1) unstable; urgency=medium
* New upstream release
- Fixes CVE-2016-7052
-- Kurt Roeckx <email address hidden> Mon, 26 Sep 2016 18:17:39 +0200
-
openssl (1.0.2h-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2016-2107
- Fixes CVE-2016-2105
- Fixes CVE-2016-2106
- Fixes CVE-2016-2109
- Fixes CVE-2016-2176
-- Kurt Roeckx <email address hidden> Tue, 03 May 2016 18:31:22 +0200
-
openssl (1.0.2g-2) unstable; urgency=medium
* Use assembler of arm64 (Closes: #794326)
Patch from Riku Voipio <email address hidden>
* Add a udeb for libssl, based on similar changes done in Ubuntu
starting in version 0.9.8o-4ubuntu1 (Closes: #802591)
Patch from Margarita Manterola <email address hidden>
* Add support for nios2 (Closes: #816239)
Based on patch from Marek Vasut <email address hidden>
* Update Spanish translation from Manuel "Venturi" Porras Peralta
<email address hidden> (Closes: #773601)
* Don't build an i586 optimized version anymore, the default
already targets that. Patch from Sven Joachim <email address hidden>
(Closes: #759811)
-- Kurt Roeckx <email address hidden> Thu, 21 Apr 2016 23:43:06 +0200
-
openssl (1.0.2g-1) unstable; urgency=high
* New upstream version
* Fix CVE-2016-0797
* Fix CVE-2016-0798
* Fix CVE-2016-0799
* Fix CVE-2016-0702
* Fix CVE-2016-0705
* Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
makes use of those, and the SLOTH attack (CVE-2015-7575) can make use of
them too.
-- Kurt Roeckx <email address hidden> Tue, 01 Mar 2016 18:31:09 +0100
-
openssl (1.0.2f-2) unstable; urgency=high
* New upstream version.
- Fixes CVE-2016-0701
- Not affected by CVE-2015-3197 because SSLv2 is disabled.
-- Kurt Roeckx <email address hidden> Thu, 28 Jan 2016 19:32:02 +0100
-
openssl (1.0.2e-1) unstable; urgency=high
* New upstream release
- Fix CVE-2015-3193
- Fix CVE-2015-3194
- Fix CVE-2015-3195
- Fix CVE-2015-3196
* Remove all symlinks during clean
* Run make depend after configure
* Remove openssl_button.* from the doc package
-- Kurt Roeckx <email address hidden> Thu, 03 Dec 2015 19:33:05 +0100
-
openssl (1.0.2d-3) unstable; urgency=medium
* Upload to unstable
-- Kurt Roeckx <email address hidden> Sun, 01 Nov 2015 19:14:34 +0100
-
openssl (1.0.2d-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2015-1793
-- Kurt Roeckx <email address hidden> Thu, 09 Jul 2015 18:22:26 +0200
-
openssl (1.0.2c-1) unstable; urgency=medium
* New upstream version
- Fixes ABI (Closes: #788511)
-- Kurt Roeckx <email address hidden> Fri, 12 Jun 2015 20:35:12 +0200
-
openssl (1.0.2a-1) unstable; urgency=medium
* New upstream version
- Fix CVE-2015-0286
- Fix CVE-2015-0287
- Fix CVE-2015-0289
- Fix CVE-2015-0293 (not affected, SSLv2 disabled)
- Fix CVE-2015-0209
- Fix CVE-2015-0288
- Fix CVE-2015-0291
- Fix CVE-2015-0290
- Fix CVE-2015-0207
- Fix CVE-2015-0208
- Fix CVE-2015-1787
- Fix CVE-2015-0285
* Temporarily enable SSLv3 methods again, but they will go away.
* Don't set TERMIO anymore, use the default TERMIOS instead.
-- Kurt Roeckx <email address hidden> Thu, 30 Apr 2015 23:37:27 +0200
-
openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
[ Kurt Roeckx ]
* Fix length check for CRLs. (Closes: #826552)
[ Sebastian Andrzej Siewior ]
* Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
(Closes: #833156).
-- Kurt Roeckx <email address hidden> Sat, 11 Jun 2016 19:18:11 +0200
-
openssl (1.0.1t-1+deb8u2) jessie; urgency=medium
* add Update-S-MIME-certificates.patch to update expired certificates to
pass the test suite
-- Sebastian Andrzej Siewior <email address hidden> Wed, 11 May 2016 23:22:52 +0200
-
openssl (1.0.1k-3+deb8u4) jessie-security; urgency=medium
* Fix CVE-2016-0797
* Fix CVE-2016-0798
* Fix CVE-2016-0799
* Fix CVE-2016-0702
* Fix CVE-2016-0705
* Disable EXPORT and LOW ciphers: The DROWN attack (CVE-2016-0800)
makes use of those, and the SLOTH attack (CVE-2015-7575) can make use of
them too.
-- Kurt Roeckx <email address hidden> Sun, 28 Feb 2016 15:29:46 +0100
-
openssl (1.0.1k-3+deb8u2) jessie-security; urgency=medium
* Fix CVE-2015-3194
* Fix CVE-2015-3195
* Fix CVE-2015-3196
-- Kurt Roeckx <email address hidden> Thu, 03 Dec 2015 18:39:46 +0100
-
openssl (1.0.1k-3+deb8u1) jessie-security; urgency=medium
* Fix CVE-2015-1791
* Fix CVE-2015-1792
* Fix CVE-2015-1789
* Fix CVE-2015-1790
* Fix CVE-2015-1788
* CVE-2015-4000: Have minimum of 768 bit for DH
-- Kurt Roeckx <email address hidden> Thu, 11 Jun 2015 20:55:20 +0200
-
openssl (1.0.1k-3) unstable; urgency=medium
* Drop patch 0003-Free-up-passed-ASN.1-structure-if-reused.patch, it at
least breaks voms, possibly others. (Closes: #781081)
-- Kurt Roeckx <email address hidden> Tue, 24 Mar 2015 21:34:00 +0100