Format: 1.8
Date: Mon, 23 Aug 2021 13:02:39 -0400
Source: openssl
Binary: libcrypto1.1-udeb libssl-dev libssl1.1 libssl1.1-udeb openssl
Architecture: ppc64el ppc64el_translations
Version: 1.1.1f-1ubuntu2.8
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl1.1 - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1f-1ubuntu2.8) focal-security; urgency=medium
 .
   * SECURITY UPDATE: SM2 Decryption Buffer Overflow
     - debian/patches/CVE-2021-3711-1.patch: correctly calculate the length
       of SM2 plaintext given the ciphertext in crypto/sm2/sm2_crypt.c,
       crypto/sm2/sm2_pmeth.c, include/crypto/sm2.h,
       test/sm2_internal_test.c.
     - debian/patches/CVE-2021-3711-2.patch: extend tests for SM2
       decryption in test/recipes/30-test_evp_data/evppkey.txt.
     - debian/patches/CVE-2021-3711-3.patch: check the plaintext buffer is
       large enough when decrypting SM2 in crypto/sm2/sm2_crypt.c.
     - CVE-2021-3711
   * SECURITY UPDATE: Read buffer overrun in X509_aux_print()
     - debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in
       X509_aux_print() in crypto/x509/t_x509.c.
     - debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not
       assume NUL terminated strings in crypto/x509v3/v3_alt.c,
       crypto/x509v3/v3_utl.c, include/crypto/x509.h.
     - debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not
       assume NUL terminated strings in crypto/x509v3/v3_cpols.c.
     - debian/patches/CVE-2021-3712-4.patch: fix printing of
       PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in
       crypto/x509v3/v3_pci.c.
     - debian/patches/CVE-2021-3712-5.patch: fix the name constraints code
       to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
     - debian/patches/CVE-2021-3712-6.patch: fix test code to not assume
       NUL terminated strings in test/x509_time_test.c.
     - debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not
       assume NUL terminated strings in crypto/x509v3/v3_utl.c.
     - debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print
       function to not assume NUL terminated strings in
       crypto/asn1/t_spki.c.
     - debian/patches/CVE-2021-3712-9.patch: fix
       EC_GROUP_new_from_ecparameters to check the base length in
       crypto/ec/ec_asn1.c.
     - debian/patches/CVE-2021-3712-10.patch: allow fuzz builds to detect
       string overruns in crypto/asn1/asn1_lib.c.
     - debian/patches/CVE-2021-3712-11.patch: fix the error handling in
       i2v_AUTHORITY_KEYID in crypto/x509v3/v3_akey.c.
     - debian/patches/CVE-2021-3712-12.patch: allow fuzz builds to detect
       string overruns in crypto/asn1/asn1_lib.c.
     - debian/patches/CVE-2021-3712-13.patch: fix the name constraints code
       to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
     - debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not
       assume NUL terminated strings in crypto/x509v3/v3_utl.c.
     - CVE-2021-3712
Original-Maintainer: Debian OpenSSL Team