Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted openssl 3.0.9-1 (source) into unstable
Date: Tue, 30 May 2023 17:19:18 +0000
Signed by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 May 2023 18:12:36 +0200
Source: openssl
Architecture: source
Version: 3.0.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1034720
Changes:
 openssl (3.0.9-1) unstable; urgency=medium
 .
   * Import 3.0.7
    - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
      Constraints) (Closes: #1034720).
    - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
      silently ignored).
    - CVE-2023-0466 (Certificate policy check not enabled).
    - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
    - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
    - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
    - Add new symbol.
Checksums-Sha1:
 87228c5645414248fab10827ba09df7a4d192964 2459 openssl_3.0.9-1.dsc
 b569725118c0603537c9a19449046b41b39627c8 15181285 openssl_3.0.9.orig.tar.gz
 fae89348414f17e5e7782ba3452e03e97a9cba85 833 openssl_3.0.9.orig.tar.gz.asc
 16a3f57149bc0982190bf24ef5f60202bae39087 75600 openssl_3.0.9-1.debian.tar.xz
Checksums-Sha256:
 e1349619b782e9a7ef5e838f9d3ef3b669454ddcd4be740a1183d8cf12153e91 2459 openssl_3.0.9-1.dsc
 eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90 15181285 openssl_3.0.9.orig.tar.gz
 75f46c27c14fbe84c16d41ed95b1af347641c06a53533d3926c4fc05f59ef87a 833 openssl_3.0.9.orig.tar.gz.asc
 e2d357313d50b244727c37aceae3c1e69b0d03a6e911d73de5382515a27647f1 75600 openssl_3.0.9-1.debian.tar.xz
Files:
 912190d5e5a5c1947251bb6de9994baa 2459 utils optional openssl_3.0.9-1.dsc
 8b2aff668b8ce0da24b9505ebfd26b4d 15181285 utils optional openssl_3.0.9.orig.tar.gz
 55648b488efe8b690d65ca0fed27d414 833 utils optional openssl_3.0.9.orig.tar.gz.asc
 f327c0c89ee445c9f42267dbb2941adb 75600 utils optional openssl_3.0.9-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmR2LaUACgkQBWQfF1cS
+lv+rwwAtejQppXCuqbjZRieS6WgIsZH65OSMmxW1L4y1gBVf2Dvbw7vGjoahjuk
axkrpd9UfZqv+wzHuC86GZWcFRkj2/O3XkEBwmx5eHtH6oUE4Noch3BJtuoI2XVY
aW8HD+6T8SuA74Qkul4q3RCvCrdDh4bmt2t20RA2aDMWX2vz3BJFdY0xFVmHTB9m
rhEtGgP5WSfCXCC0aLq+mE28PlD/TFM2oyvr0Z6S/fZqgl8L/C8ohJdCdeB/Wl2D
01kHFSfxp4KtEYYdGc4JeT+7iH9Dtr8tsj57GeFNNZ3ePReCxD/Ur7P8or16tAcH
db8aEsb3G7nGsE9esnEPa1JwC+de/eSmdzXu5JHIcEsCgefecWlD6Hqz+/cvuqKR
3Oop7reuwpLudlLhjZgukgu8teuJ2wtrXaE6iQWp5CzHE+ATPAEEISWaGnMfaGyV
vkmKtU6bqsGFps2pnHi6ti10GFTbOhFuvkeXNr7hDQbVQ/urA7gNbupDY6Gz/yWd
gL7JlA+s
=1s9b
-----END PGP SIGNATURE-----

News for package openssl