Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted openssl 3.0.8-1 (source) into unstable
Date: Tue, 07 Feb 2023 21:13:31 +0000
Signed by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 07 Feb 2023 21:42:42 +0100
Source: openssl
Architecture: source
Version: 3.0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1029259 1029281
Changes:
 openssl (3.0.8-1) unstable; urgency=medium
 .
   * Import 3.0.7
     - CVE-2023-0401 (NULL dereference during PKCS7 data verification).
     - CVE-2023-0286 (X.400 address type confusion in X.509 GeneralName).
     - CVE-2023-0217 (NULL dereference validating DSA public key).
     - CVE-2023-0216 (Invalid pointer dereference in d2i_PKCS7 functions).
     - CVE-2023-0215 (Use-after-free following BIO_new_NDEF).
     - CVE-2022-4450 (Double free after calling PEM_read_bio_ex).
     - CVE-2022-4304 (Timing Oracle in RSA Decryption).
     - CVE-2022-4203 (X.509 Name Constraints Read Buffer Overflow).
     - Padlock: fix byte swapping assembly for AES-192 and 256
       (Closes: #1029259).
     - Add new symbol.
   * Make loongarch64 little endian (Closes: #1029281).
   * Drop conflict against libssl1.0-dev.
   * Update Standards-Version to 4.6.1. No changes required.
Checksums-Sha1:
 f1ac3d028bcc2f9b36e1f9bf90c2b2323f4fa29e 2633 openssl_3.0.8-1.dsc
 580d8a7232327fe1fa6e7db54ac060d4321f40ab 15151328 openssl_3.0.8.orig.tar.gz
 4de52f934010760aa5653b512aed8b87c1a1c8f4 833 openssl_3.0.8.orig.tar.gz.asc
 c5092a3ba02104dea94f3818d23d14d13412e843 75420 openssl_3.0.8-1.debian.tar.xz
Checksums-Sha256:
 0f8ac1a4ed55e1e1b70e93a781450273c02cf52aacc0eb70b69586a30ed68261 2633 openssl_3.0.8-1.dsc
 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e 15151328 openssl_3.0.8.orig.tar.gz
 565e31cbc436ec4de82c4b526a01caab1cdc9b78d32705f6e0f57666980331ad 833 openssl_3.0.8.orig.tar.gz.asc
 b7b254f67f0f3443fc4441deec2b9bc6d2d24f9168827dd88ff2bab6f370976c 75420 openssl_3.0.8-1.debian.tar.xz
Files:
 5662fdd6c6cec1957f1bbdd36373451f 2633 utils optional openssl_3.0.8-1.dsc
 61e017cf4fea1b599048f621f1490fbd 15151328 utils optional openssl_3.0.8.orig.tar.gz
 0909410c6f4b262c1a0883461c3b86c9 833 utils optional openssl_3.0.8.orig.tar.gz.asc
 d53c86641cb2bc0d1cb0b82b2b1d09a3 75420 utils optional openssl_3.0.8-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAmPiugkACgkQe5boFiqM
9dFEfxAAotDYQ2MJwM6TvwnGghjvdc2Hl1naEkdDN0a4pZBywggf2OooH9VcrdyG
R6XkYPKcOtdz8ngAxNujl1cNwMIvXmMhnaHviByknoigCynBU/oxotDQJ0rgGiX3
vaCUk7dJKj5sXkVhsdkmxckk1l1Uc3Fj/uZRdYz5pvT85/ZNaBcoQhUznsTZzTy2
Wy84tr12roN54IVz0Upk3ooOgnPpyTIe1+gVqdFYyJvy5xXLSKUoatrj5tFDs69u
wcGHm7c3PYlrZg8cB0P6UIRzL2eMxZyYX4JRFeW2RJWRcRIRDy6wSYHEkcQx42tf
oNHL83CIVOATaFuHpKOP5pNuE//yS481MfL571/JfZrA/JQwxtpqM1Pb28qSFbPk
8jYl3GMoI5OpF7I9AVE24c6rbDQRc/Cr/gVKvgo+v3UNbGgdsTjzPkMgBpwGfehB
Y6ioQY88HJsfusv1QOQd0rwUbKlnYwrI7AKM0IQyAKFlPmOGnRPfy7C2qE6lFnFK
D9SJ/CCcJRvRR39RegUFjmmiHWeLC16oVgw45vB+kVPveDKi9ZtyOIjjvlOZhmga
NLUrCzsgNP9hc6/lvqi/CAf0E4yZ9CVKIxgOCDKq9vuUBM1LuUqpiJjFlMjQuryl
qmqkm/t/XF+Tx40TaNx9VBCWgt0hXNf/viYcs2PA3ynD0T9Kkzc=
=1yV+
-----END PGP SIGNATURE-----
News for package openssl
