-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 22 Nov 2018 22:06:24 +0100 Source: openssl1.0 Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb Architecture: source Version: 1.0.2q-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries libssl1.0.2-udeb - ssl shared library - udeb (udeb) Closes: 891799 895845 Changes: openssl1.0 (1.0.2q-1) unstable; urgency=medium . * Correct typo in the riscv64 target (Closes: #891799). * Update to policy 4.1.4 - drop Priority: important. - use signing-key.asc and a https links for downloads. - point the VCS-* to salsa. * Import upstream version 1.0.2q - CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar multiplication) - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) (Closes: #895845) Checksums-Sha1: 3e17e370152422f0d3d486dd525ef4e6dc349fbd 2514 openssl1.0_1.0.2q-1.dsc 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 5345604 openssl1.0_1.0.2q.orig.tar.gz 52c2f46fe1d9f4edd6421357e5d1d6212dabcef4 488 openssl1.0_1.0.2q.orig.tar.gz.asc 73eafa0d89c2d9680185732beb656635c65e026d 94732 openssl1.0_1.0.2q-1.debian.tar.xz b7aedb62505eb2ef60305664d3cbabe47beffcfd 6119 openssl1.0_1.0.2q-1_source.buildinfo Checksums-Sha256: 7e9cae7b49067f5ef6e26f81a1a3e202ca7e71f0ed1b257d0b452f11445968ca 2514 openssl1.0_1.0.2q-1.dsc 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 5345604 openssl1.0_1.0.2q.orig.tar.gz d8a8e611cb1c46e167594a19aac7b9b56e070b7ec762659462ffa23183064cf0 488 openssl1.0_1.0.2q.orig.tar.gz.asc 25e874dfb163e6b974e7e8d460e49bc07aa64a227c3ab6c1cc4ed7f7ad3188b6 94732 openssl1.0_1.0.2q-1.debian.tar.xz 3b33789965d110c21122004dfa80abc07fc2948beb8adebcf32efdeb833c4c98 6119 openssl1.0_1.0.2q-1_source.buildinfo Files: f1dd5589ba803fdfaa122e720d114050 2514 utils optional openssl1.0_1.0.2q-1.dsc 7563e1ce046cb21948eeb6ba1a0eb71c 5345604 utils optional openssl1.0_1.0.2q.orig.tar.gz fe9271891371076e283ccd6bbd96f2f6 488 utils optional openssl1.0_1.0.2q.orig.tar.gz.asc 7168a96f84a599b82518d2f83a22cedd 94732 utils optional openssl1.0_1.0.2q-1.debian.tar.xz c99ae6f0a736e73b5cdf68e1511098f0 6119 utils optional openssl1.0_1.0.2q-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAlv3LtIACgkQe5boFiqM 9dFKCBAAnYkX0yhNx4dY8Nrf9sAP0uyiE+k/ptf6IsP2O811uO6R4BU2i2V77SGw 5snFgsE9RH2FBANeLVX9oI20x9EoxCOBuse88r5RM2oganAv+Wqz/cdnNr6xHu2l K9K/xru2Ts/eyb9X2a/HKHhYi9fZuLvb28Ppo47SGm/DkyFitzNBbgCyIgXSKfsp uy3zRGSPQIMkxzbcJHzrYxMF9qQLduRUnO+96x8hvnWxajKER06BYtzKfV8Be7Zj ByvAFWWsJMNhPVZhyvoEmArQzZypaUu3V81X0HIuN/aL4ypPR2dIMTnlGsIfWe06 AXk7j9V3UXakQhDbdJLwWlhsRm4BdPKJVLbDHXz5gqjD1J8GiEaCQUx1ZAF4YR22 9izjI+VU29eCbH8qS2jPx2lYHa/BQKUVsIagB19w/JtiFJI9Dpr4cHaG0tl0e4gN E+JjgSXshR5LD9yCMjBs3z3/XevLzAVdqsRR00Qy1GngNgCUJp9m1rhkPeg0JC6X E1al0OVoOJxrHE+fqzx35iuDwDqi6jrU2CllWHAp8xx32+SvwPASkvOupDW5o+e4 4TnHyJ/fdrRV70E4yDW5/Uqbwoagsw1XvwJPz3GsJcOqPKO6QSfmhkRLSFxcTVUi FlPH/Y2VB8087XxXxUW2UlIWiE5PZaF2AprgabYPjIyXyQATWQE= =Z6IZ -----END PGP SIGNATURE-----