-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Dec 2018 21:07:51 +0100 Source: openssl1.0 Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb Architecture: source Version: 1.0.2q-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries libssl1.0.2-udeb - ssl shared library - udeb (udeb) Changes: openssl1.0 (1.0.2q-1~deb9u1) stretch-security; urgency=medium . * use signing-key.asc and a https links for downloads * Import 1.0.2q stable release. - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar multiplication) Checksums-Sha1: e397d2f3c16a44baca863f8eb979bf29154d29c0 2557 openssl1.0_1.0.2q-1~deb9u1.dsc 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 5345604 openssl1.0_1.0.2q.orig.tar.gz 52c2f46fe1d9f4edd6421357e5d1d6212dabcef4 488 openssl1.0_1.0.2q.orig.tar.gz.asc 056f674a95e7cddf6ab73a2b6857c828c72ece97 94536 openssl1.0_1.0.2q-1~deb9u1.debian.tar.xz 9b42c6d9830a4673f4a9c26f7c9931d27f738c7c 5968 openssl1.0_1.0.2q-1~deb9u1_source.buildinfo Checksums-Sha256: 059237c5aff241f8e71183985746fb748c7024ef77ebb31a9265a377370ab7f9 2557 openssl1.0_1.0.2q-1~deb9u1.dsc 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 5345604 openssl1.0_1.0.2q.orig.tar.gz d8a8e611cb1c46e167594a19aac7b9b56e070b7ec762659462ffa23183064cf0 488 openssl1.0_1.0.2q.orig.tar.gz.asc 6e1f69c8283ded702dc1f8410baaafa5d5408d73b4999ae7e0422a7e58753465 94536 openssl1.0_1.0.2q-1~deb9u1.debian.tar.xz 542daeb263a7444974b081d3b4be41da414efc64a7717ed03d63b4bc5ab7091c 5968 openssl1.0_1.0.2q-1~deb9u1_source.buildinfo Files: 44955e19f737d80a1806a52ecf6d5a73 2557 utils optional openssl1.0_1.0.2q-1~deb9u1.dsc 7563e1ce046cb21948eeb6ba1a0eb71c 5345604 utils optional openssl1.0_1.0.2q.orig.tar.gz fe9271891371076e283ccd6bbd96f2f6 488 utils optional openssl1.0_1.0.2q.orig.tar.gz.asc cbf43d4b24a2dc6e0e8d43fe07e3c752 94536 utils optional openssl1.0_1.0.2q-1~deb9u1.debian.tar.xz 061de784fe0af0969cd6251e20578b7a 5968 utils optional openssl1.0_1.0.2q-1~deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAlwYHOsACgkQe5boFiqM 9dHxHg//TOI7avT+2PAxEwf67unOR5byPjF6+GhIiU+l76Yqcmq+RyRHxCpwV/cU Q7jJF9IeNRlY/qj9NCZIJsUdxmUHFsjKVBpmnlTTFS5pJm6g3SvzkQSYYuoBCBpo O5mw57+p8X7HVE4m2z56ifrzGULtbZn65rLtsk5upUBo8KwN+oLGZ9Hxyl/5df0a tocH2F4TTyKSVephx0vfgVoRudw3YxE6pSs1nApd9FMIgw3fBKamyzhDDrkT0qA5 RhkrVpLfEkFMz6NsJ8JLZTBeRtBCNPWcpEwQYD5U6iqp5uml9ZCCtWpTkBmYFUag dHt7g6UvIZCqerjhza4i6rDKyEhJDEz5sXYk0IG0y0/9WiCkAz1JFl9r38IcDn6H H1UksdbSP5pGn40uCi+Q0BBfiEZC1UXTlhIvXOBputMJERolKL+VSNKVAZfdfYZK wDGxFwtaPh8i2UbPbh7JZlndtO5lriJ4ymouxmjsHvc5xGxZu7DTA//ZRcqHfyGo 7q7CkS27HNmss4J1u/E1VtygPpiaI2RSHe/1WQcVq1aB3kxdTlyi2vTIaq8l+pCg 4r+IhqAkZ5PQuk7PWDBEy2wIWmGWapbjamiIVDahC+95q/s67JaH+bmmNDBWwYTr /L3JNzS6bfXVtomiLN0PgYsuBcW4FBDEz3zp3sIfr7E6GITCB7E= =WILF -----END PGP SIGNATURE-----