-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Mar 2018 12:51:02 +0200 Source: openssl Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc Architecture: source Version: 1.1.0f-3+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer toolkit - shared libraries libssl1.1-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high . * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) * CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC) * CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) * Add patches to pass the testsuite: - Fix-a-Proxy-race-condition.patch - Fix-race-condition-in-TLSProxy.patch Checksums-Sha1: 133cc510404af99e5aca97be0f0277414f046c1b 2397 openssl_1.1.0f-3+deb9u2.dsc 8c24b884ff6e4ff9530db5de12b2d1340ab39bf9 59296 openssl_1.1.0f-3+deb9u2.debian.tar.xz 054bef104edd10a3d84f835534bc7c7fd45f8c41 5886 openssl_1.1.0f-3+deb9u2_source.buildinfo Checksums-Sha256: bace0bac1e074c8f681a4bd47648dd020dc4dc2c352105b0e893e12a3d9f8f5f 2397 openssl_1.1.0f-3+deb9u2.dsc f78dea9f4607d55cabd6ebe05a2c2243ede1e0f7d71296a665a6566c8875fdfe 59296 openssl_1.1.0f-3+deb9u2.debian.tar.xz 9d4f785b8165a3b7db55bd79c1e7d3d4ee6ffc3f4b22093056ab4a9582cf040f 5886 openssl_1.1.0f-3+deb9u2_source.buildinfo Files: d91bd2b832a3951f34f612419740523d 2397 utils optional openssl_1.1.0f-3+deb9u2.dsc fbd52f68b32bd0d9897c93c6a4762de4 59296 utils optional openssl_1.1.0f-3+deb9u2.debian.tar.xz c8faa95dcb2a037b73b20369cf21067a 5886 utils optional openssl_1.1.0f-3+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJMBAEBCgA2FiEErHvQgQWZUb1RregAT+XjJihy5MwFAlq80J8YHHNlYmFzdGlh bkBicmVha3BvaW50LmNjAAoJEE/l4yYocuTMBZkQAL9xbxxYboZlaJthHN8x+T2l 2JX7YeCpSDNl30g1etyRKyu5V3/LNdx8q/nVtsTAmkZ1JIe1R+wTG4kpgI2U4VD+ fCkrw1LlmmS7oeVxsJghov79AS/hpVrF7WWZsWjPoDCgy0dyYvzC8GF/fgjADkF0 JQ6h+nhUzJQ87S/kDgBP0gRf2Ksu+AyrBgNOOWbkq8NK/OCv5ibJ6p219hUj8e0g XqYq/8vsZrcsYI8fqSZ/WOBrCmNI2lkYXnMyjef4nzo6ERJwwgsyIFwSm1FaKKIg +ItV4xQCThFN8iLbD3ziaRczahPnCwix0lS1QSPbY8pgxIzhJaHjtStqofMg9AV7 ehMnB6EViaMZVjWeRo+o6hC1n1lY5SkNzA5gY2qyjnYswB8kYPPcnsMl4YqAw/DV bzMw4X6yoz/6jHYs2GVtzwOR4MfDHTDLZT6v6dI8wNmbIv2ISZsFSc74KvwJYiTL 9M57z3SRaM65/AuHIF4cbd4TApBOpcUQNHFxowXjVii9vUn4fvplzp2qwsgPl1xy wYKatBLrAJ/n7l/j5ahBYejj3foVmU/yoaXrolYJk8rrLT89cDrQVFRtbYCAhVpE zpCILO1HsXKtl8O9VklH94TCTceCU0efIs5NktlZZuUFbAMtpXBUEQmCp1eMQb6v Gr6XVRvBwCX5c80dNuv3 =NG75 -----END PGP SIGNATURE-----