Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-experimental-changes@lists.debian.org> , <debian-devel-changes@lists.debian.org>
Subject: Accepted openssl 3.1.1-1 (source) into experimental
Date: Tue, 30 May 2023 17:49:15 +0000
Signed by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 May 2023 19:46:00 +0200
Source: openssl
Architecture: source
Version: 3.1.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1034720
Changes:
 openssl (3.1.1-1) experimental; urgency=medium
 .
   * Import 3.1.1
     - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
       Constraints) (Closes: #1034720).
     - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
       silently ignored).
     - CVE-2023-0466 (Certificate policy check not enabled).
     - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
     - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
     - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
     - Add new symbol.
Checksums-Sha1:
 b393d85b6f854028982d157868bfd05fb838731c 2459 openssl_3.1.1-1.dsc
 d01a0f243672d514aee14bdd74a5d109b6394a78 15544757 openssl_3.1.1.orig.tar.gz
 d44bffcd2554511dd8e72f333c58a81c24443ad7 833 openssl_3.1.1.orig.tar.gz.asc
 834418ea4af2f1cdf02a31d31569caa45c90c75f 75620 openssl_3.1.1-1.debian.tar.xz
Checksums-Sha256:
 f528bb034241e177e741c938a4d18950ec1be186d8b4939383207174c980750b 2459 openssl_3.1.1-1.dsc
 b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674 15544757 openssl_3.1.1.orig.tar.gz
 2c7e352420ed25de719ba5342384a6feaeb6d3b4f53c7b8a8b090dd456b6544e 833 openssl_3.1.1.orig.tar.gz.asc
 3dc022c2d1f8ad0a2f2fefc27b72e890a3f4fc527cbfdbcd2b6c5a97ed73f9c7 75620 openssl_3.1.1-1.debian.tar.xz
Files:
 b941bed86a0caf1681d9b42e7e310f99 2459 utils optional openssl_3.1.1-1.dsc
 1864b75e31fb4a6e0a07fd832529add3 15544757 utils optional openssl_3.1.1.orig.tar.gz
 67c220fc1962dce4e12540ab33349f4f 833 utils optional openssl_3.1.1.orig.tar.gz.asc
 ad9e056e65d434fbbcbd74d8885cbe72 75620 utils optional openssl_3.1.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmR2NowACgkQBWQfF1cS
+luPBgv9E3/qHkhY/RbRVkaH6cRDPO12TFxIfCHdgKUddlQXoQIxcJ/8CbWLdbwa
k1zcOLnt25Dc7piX7mhN+QwJsKHTuTwLppZgLeHvanYSz17bgJTOmYDPd7TjMjZz
HTd3SWBHIdRZsKRLpTI6rg3PueoChUREcT3TFB3Lywodii/XVMiT3RTnl4lfY5xU
hRVunDN/pnvqKK5SITd/ZMG9+LjcLiDy49GzfLHNupvYdGTauEZ16RdpNKPlxVeB
Ek0NjPoWmhE0h3nDEG5GGduG2/1LWrSyTsFmeBwI1P3nK+/yVwsCK7FRBBgthaVi
23lvXjqq71+AheCNd0mf2qX8V/e+r2dTrMiTandcNrFaDX2Z9imiXQ04ppjuJyNv
ZQ9v1u/R61+t/JALaPiu0S1TrE+Qz6nx0jx8xzIfQf+7BK4/iPuHuUZLoqf40Yce
zlNlp+HT30m/b4v7s31WSr5H7706mHRVPItDZP+yx2VXkrOmti/Ps2pa6nCeQoEW
Ve77X1HZ
=cckS
-----END PGP SIGNATURE-----

News for package openssl