Format: 1.8
Date: Mon, 06 Feb 2023 12:57:17 -0500
Source: openssl
Binary: libcrypto1.1-udeb libssl-dev libssl1.1 libssl1.1-udeb openssl
Architecture: ppc64el ppc64el_translations
Version: 1.1.1f-1ubuntu2.17
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-ppc64el-028.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1f-1ubuntu2.17) focal-security; urgency=medium
 .
   * SECURITY UPDATE: Timing Oracle in RSA Decryption
     - debian/patches/CVE-2022-4304.patch: fix timing oracle in
       crypto/bn/bn_blind.c, crypto/bn/bn_err.c, crypto/bn/bn_local.h,
       crypto/bn/build.info, crypto/bn/rsa_sup_mul.c,
       crypto/err/openssl.txt, crypto/rsa/rsa_ossl.c, include/crypto/bn.h,
       include/openssl/bnerr.h.
     - CVE-2022-4304
   * SECURITY UPDATE: Double free after calling PEM_read_bio_ex
     - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
       and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
     - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
     - CVE-2022-4450
   * SECURITY UPDATE: Use-after-free following BIO_new_NDEF
     - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
       in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
     - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
       setup with -stream is handled correctly in
       test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
     - CVE-2023-0215
   * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
     - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
       x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h,
       test/v3nametest.c.
     - CVE-2023-0286
Checksums-Sha1:
 c22cc06170e21dd32f292955a6b0fedbac2dab72 1127628 libcrypto1.1-udeb_1.1.1f-1ubuntu2.17_ppc64el.udeb
 b6d0849e29043bb164629d02480213ecbf4deb30 1669780 libssl-dev_1.1.1f-1ubuntu2.17_ppc64el.deb
 dc80a5b4902308a804273bf3de364e515ddb87b1 3172208 libssl1.1-dbgsym_1.1.1f-1ubuntu2.17_ppc64el.ddeb
 647d842f0d2ffa05df4d43ed6ad9ff2afc6c867a 204520 libssl1.1-udeb_1.1.1f-1ubuntu2.17_ppc64el.udeb
 35b6cc81c74e2ca06b01ae410790db98c73aee24 1364280 libssl1.1_1.1.1f-1ubuntu2.17_ppc64el.deb
 9f31e284f65ecc38914d07c0bcc59804d6ed86ce 566440 openssl-dbgsym_1.1.1f-1ubuntu2.17_ppc64el.ddeb
 b3646553ae471c9b8e2cfddb58e3fd9d81db5cab 7526 openssl_1.1.1f-1ubuntu2.17_ppc64el.buildinfo
 03ad15936dac31a3ecbace6cfbbc986cbb6e6d46 620868 openssl_1.1.1f-1ubuntu2.17_ppc64el.deb
 02d628756c4c1ae54035ef2012d3de4179d66620 27350 openssl_1.1.1f-1ubuntu2.17_ppc64el_translations.tar.gz
Checksums-Sha256:
 113a4f8cf7048e37addcb56e61375c83fc8d8048f56b03ffa4b79230b0338dd5 1127628 libcrypto1.1-udeb_1.1.1f-1ubuntu2.17_ppc64el.udeb
 87339a348cc010a83f44148b3a17a53c71ddf41326e21be78e03afd0d3c6c52c 1669780 libssl-dev_1.1.1f-1ubuntu2.17_ppc64el.deb
 304969301ce01200f24555a20aad6497b899d1c527b96c47c5698a671c7f6c10 3172208 libssl1.1-dbgsym_1.1.1f-1ubuntu2.17_ppc64el.ddeb
 e6bd85b1d313fd0a08a52572cf37d28e9fc2bf8f84697dd445a0cefc83aab3c6 204520 libssl1.1-udeb_1.1.1f-1ubuntu2.17_ppc64el.udeb
 3c4e36ab23a1ead40e97d1b51440a8357bbab82189cced20f01619e6b1ff1a18 1364280 libssl1.1_1.1.1f-1ubuntu2.17_ppc64el.deb
 6b434c342079b7c820cecc3d4cb602ac5242eaedb04118cef998712929816347 566440 openssl-dbgsym_1.1.1f-1ubuntu2.17_ppc64el.ddeb
 21c02ce880f98c037101b4f9d40e8d190506aaef0726fd0e943d973cc3f17222 7526 openssl_1.1.1f-1ubuntu2.17_ppc64el.buildinfo
 48211bbe4c4c0029570ae51363970c54327c888761a91955d2087251dddb42b5 620868 openssl_1.1.1f-1ubuntu2.17_ppc64el.deb
 13fe6068d29d15db30339a403929640b030f262ab2b95d405af60a90a4e3f44b 27350 openssl_1.1.1f-1ubuntu2.17_ppc64el_translations.tar.gz
Files:
 a02841fe0be4cb307b05ebd4c819d067 1127628 debian-installer optional libcrypto1.1-udeb_1.1.1f-1ubuntu2.17_ppc64el.udeb
 a83e810a12ece6883881625457166277 1669780 libdevel optional libssl-dev_1.1.1f-1ubuntu2.17_ppc64el.deb
 d381626b8fae8a2e6e8b61308d29b254 3172208 debug optional libssl1.1-dbgsym_1.1.1f-1ubuntu2.17_ppc64el.ddeb
 fb43837ba2cfbcdfda64391e08da2b49 204520 debian-installer optional libssl1.1-udeb_1.1.1f-1ubuntu2.17_ppc64el.udeb
 235f48db15469f9d14ea9584202be7be 1364280 libs optional libssl1.1_1.1.1f-1ubuntu2.17_ppc64el.deb
 88094b5e472bdeab443c45baf40cbe31 566440 debug optional openssl-dbgsym_1.1.1f-1ubuntu2.17_ppc64el.ddeb
 083f56200fd31831981330a24dd197dd 7526 utils optional openssl_1.1.1f-1ubuntu2.17_ppc64el.buildinfo
 d036b88737cd68fe7273a9b8c793c609 620868 utils optional openssl_1.1.1f-1ubuntu2.17_ppc64el.deb
 c05c4da0cea9125d8cf059229f447096 27350 raw-translations - openssl_1.1.1f-1ubuntu2.17_ppc64el_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>