-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 03 Mar 2024 10:47:43 +0100 Source: openssl Architecture: source Version: 3.0.13-1~deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Closes: 1055473 1060347 1060858 1061582 Changes: openssl (3.0.13-1~deb12u1) bookworm; urgency=medium . * Import 3.0.13 - CVE-2023-5678 (Fix excessive time spent in DH check / generation with large Q parameter value) (Closes: #1055473). - CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on PowerPC) (Closes: #1060347). - CVE-2023-6237 (Excessive time spent checking invalid RSA public keys) (Closes: #1060858) - CVE-2024-0727 (PKCS12 Decoding crashes) (Closes: #1061582). Checksums-Sha1: 407def1c38e50e1824be2ab7ad0dcd5717a2178a 2501 openssl_3.0.13-1~deb12u1.dsc 18b985dcd3fc0bab54cc4bfc10fa9a80ce9e345d 15294843 openssl_3.0.13.orig.tar.gz 87c21896766d59f4fdf6cf234fb8ed0ba9b656c0 833 openssl_3.0.13.orig.tar.gz.asc d88598924a581a34da15d04b9d015159489f2ede 69208 openssl_3.0.13-1~deb12u1.debian.tar.xz Checksums-Sha256: a0d0583621b6650a7b0972b5857f0feeb98abb60272fc975c51a70ffeca3f0f0 2501 openssl_3.0.13-1~deb12u1.dsc 88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313 15294843 openssl_3.0.13.orig.tar.gz ab7d7aecc132ea07c56c5315a2b2d3ff2d02daf0eab0e1464f6245309391130a 833 openssl_3.0.13.orig.tar.gz.asc 36cdd056f863a01560d760df4a2ead07b3f93104355aefb3a25704a271e0fa6e 69208 openssl_3.0.13-1~deb12u1.debian.tar.xz Files: 8468a93c0fbb8f1699ef20aeeebdee06 2501 utils optional openssl_3.0.13-1~deb12u1.dsc c15e53a62711002901d3515ac8b30b86 15294843 utils optional openssl_3.0.13.orig.tar.gz 45dccc24f083d6b857b1b3328611444a 833 utils optional openssl_3.0.13.orig.tar.gz.asc 1e0c6abccaa5118a1cf94804c1bec599 69208 utils optional openssl_3.0.13-1~deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmXlbf0ACgkQBWQfF1cS +lvxagv/ZN+WgJ2AK4I4p5edoVPgpnLuvAQdq2d8riRVu2aQ+5qWZjJB+IdIjcy/ 5xo/GczdxcVpKeI4nGjeoe9upFQIve4XXCVrfz/iOtUWi3lTwXlujtbJyuwvJniS hZZExN0FIFDRFxTvGrBtuaCBOTXdFChJjXJoGnm7ebErkNcuOo0hU1Wcbo+sWxdH JKzvUCQBgtjtp6FFByh31PIb2L77af49JeePCzQTQugMVcYT8bguUtahGPOKfUp8 XRphS/biXb9yuWw7lte13o1xwcBFH2g0zDRiA79WLEsubUyqrbH+XjBwjNpxOA0Y he7DH6xtv6hSpHJ73OI4Vi79sIcr4w6yVKnkmqVD4161udT8QE0RO6iUJDtSsSXA xJafNXiNlGWOcshZ/QILgp6yw1enwB1HJl7h1cotrqBwRffIHZMV6h3oRaSBWJyE dnQKGBuG1+xisKN2YyWyjbJzuIz5XKaBlOEVfEt3xewg2lnNrN3HvTAT+bqTZbA0 y6mLYSyA =4fSs -----END PGP SIGNATURE-----